XLoader for Android - S0318 (2740eaf6-2db2-4a40-a63f-f5b166c7059c)

XLoader for Android is a malicious Android app first observed targeting Japan, Korea, China, Taiwan, and Hong Kong in 2018. It has more recently been observed targeting South Korean users as a pornography application.(Citation: TrendMicro-XLoader-FakeSpy)(Citation: TrendMicro-XLoader) It is tracked separately from the XLoader for iOS.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | XLoader for Android - S0318 (2740eaf6-2db2-4a40-a63f-f5b166c7059c) | Malware | 1 |
| System Information Discovery - T1426 (e2ea7f6b-8d4f-49c3-819d-660530d12b77) | Attack Pattern | XLoader for Android - S0318 (2740eaf6-2db2-4a40-a63f-f5b166c7059c) | Malware | 1 |
| Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) | Attack Pattern | XLoader for Android - S0318 (2740eaf6-2db2-4a40-a63f-f5b166c7059c) | Malware | 1 |
| Dead Drop Resolver - T1481.001 (986f80f7-ff0e-4f48-87bd-0394814bbce5) | Attack Pattern | XLoader for Android - S0318 (2740eaf6-2db2-4a40-a63f-f5b166c7059c) | Malware | 1 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | XLoader for Android - S0318 (2740eaf6-2db2-4a40-a63f-f5b166c7059c) | Malware | 1 |
| XLoader for Android - S0318 (2740eaf6-2db2-4a40-a63f-f5b166c7059c) | Malware | System Network Configuration Discovery - T1422 (d4536441-1bcc-49fa-80ae-a596ed3f7ffd) | Attack Pattern | 1 |
| Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | XLoader for Android - S0318 (2740eaf6-2db2-4a40-a63f-f5b166c7059c) | Malware | 1 |
| XLoader for Android - S0318 (2740eaf6-2db2-4a40-a63f-f5b166c7059c) | Malware | Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) | Attack Pattern | 1 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| Device Administrator Permissions - T1626.001 (9c049d7b-c92a-4733-9381-27e2bd2ccadc) | Attack Pattern | Abuse Elevation Control Mechanism - T1626 (08ea902d-ecb5-47ed-a453-2798057bb2d3) | Attack Pattern | 2 |
| Web Service - T1481 (c6a146ae-9c63-4606-97ff-e261e76e8380) | Attack Pattern | Dead Drop Resolver - T1481.001 (986f80f7-ff0e-4f48-87bd-0394814bbce5) | Attack Pattern | 2 |
| Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) | Attack Pattern | Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) | Attack Pattern | 2 |