The lesson is grim: In the world of cybercrime, no flag is sacred. Whether you are a Huawei loyalist or a Western detractor, the malware does not care about your politics. It only cares that your device is connected—and that you trust an update that says "Huawei."
With the transition to (which drops Android AOSP support entirely), Huawei is introducing a completely new binary format. Security researchers at Kaspersky and ESET have noted that early versions of the HarmonyOS SDK contained vulnerabilities in the dynamic loader that allowed native libraries to bypass permission checks—a flaw XLoader variants quickly adapted to exploit. huawei+xloader
Chen leaned in, his glasses reflecting the blue light of the monitor. He traced the anomaly back to a hidden partition within the bootloader code. Someone had embedded a "backdoor" into the XLoader—not for a foreign government or a rival company, but for themselves. The lesson is grim: In the world of
(SMS phishing). Victims receive a text message with a shortened, legitimate-looking link. XLoader Trojan Poses as Security App for Android 3 Apr 2019 — Security researchers at Kaspersky and ESET have noted
: It acts as the second stage of the bootloader, bridging the gap between the initial BootROM and the final Fastboot mode.