Android malware posing as Google Chrome could steal your photos, contacts, and more — how to spot the fake

An updated version of the XLoader malware for Android devices doesn’t require any user interaction to launch once installed, according to researchers at McAfee (via BleepingComputer). Of course, you still need to click the malicious link in an SMS message to download and install the malware, but this XLoader variant doesn’t require users to manually launch the malware anymore.

Right now, the malware is being distributed through SMS texts on Android devices. If you’re targeted, the SMS text will include a shortened URL that, if clicked on, will direct you to a website to download an Android APK installation file for a mobile app.  McAfee says that, “While the app is installed, their malicious activity starts automatically.”