Android phone users have been warned of a new malware threat that can steal users’ sensitive data, including text messages and photos, within seconds.
The Xloader malware, otherwise known as MoqHao, has been around since 2015, but a recent new variant means it’s much easier for hackers to access your phone’s data.
Computer security firm McAfee has warned Android users that hackers using Xloader are sending text messages with a shortened download URL.
Watch the latest news on Channel 7 or stream for free on 7plus 
In some cases, the text message may appear to be from someone in your contacts asking you to download a link containing an Android APK file.
APK files are used to download data outside of Google’s official Play Store and bypass Google’s security measures.
McAfee said that while previous versions of Xloader required phone users to download and open the malware, the new programming meant the malware could run silently in the background as soon as a connection was opened.
“Typical MoqHao (Xloader) needs to be manually run by the user after installation, but this variant runs automatically after installation without user interaction,” McAfee said.
Once on the phone, the malware can collect text messages, photos, contacts and other data.
Android users in the United States, United Kingdom, Germany, France, Japan, South Korea and Taiwan have already reported being targeted.
“We have already reported this technique to Google and they are already working on implementing mitigations to prevent this type of automatic execution in a future version of Android,” McAfee said.
Protect your phone from malware
One of the key features of the new Xloader variant is that it will appear on the phone disguised as a Google Chrome app, although the front of the app will be slightly different.
After downloading, it can ask for sending and access to SMS content, as well as permission for constant background work.
An antivirus app can remove the malware in most cases, but some Android users may need to perform a factory reset to delete it.
McAfee experts said that Android devices with Google Play Services, which have Google Play Protect enabled by default, are protected.
To prevent your data from being stolen, avoid opening shortened URL links or downloading apps outside of the Play Store.
Be careful with the permissions that apps ask for and stay up to date with software updates.