This malicious Android malware has one devious USP: it doesn’t even need to be opened to steal all your photos and files

Security researchers have discovered new Android malware that doesn’t even require user interaction to launch. However, to become fully operational and perform the processes it was designed for, it still needs the victim’s approval.

Cybersecurity researchers at McAfee said they have observed a new version of XLoader, a well-known Android malware variant that has been used in the past to steal sensitive user information from victims in the US, UK, Germany, France, Japan, South Korea and Taiwan. This new loader is distributed in the same way as its predecessors: via an SMS message with a shortened URL, which leads to a website hosting the malicious .APK file.