Xloader [top] | 2024-2026 |

: Malicious links sent via email or SMS that lead to fake download pages.

: While highly active on Windows, its Android variants are frequently used in smishing (SMS phishing) botnets. The Shift to Malware-as-a-Service (MaaS) xloader

: It uses complex injection methods to hide within legitimate system processes. : Malicious links sent via email or SMS

: Bypassing two-factor authentication (2FA) by reading incoming codes. xloader

In the mobile sector, XLoader is a dominant player in smishing campaigns, particularly targeting regions like Japan. On Android devices, XLoader typically disguises itself as legitimate apps (e.g., Chrome, courier services, or security updates) to trick users into granting dangerous permissions. Once installed, it can: