With the transition to (which drops Android AOSP support entirely), Huawei is introducing a completely new binary format. Security researchers at Kaspersky and ESET have noted that early versions of the HarmonyOS SDK contained vulnerabilities in the dynamic loader that allowed native libraries to bypass permission checks—a flaw XLoader variants quickly adapted to exploit.
XLoader (not to be confused with the Windows infostealer) is a notorious Android and spyware that has plagued the mobile world since 2018. huawei+xloader
If you are referring to the malware, it is a tool widely used for credential theft and espionage. With the transition to (which drops Android AOSP
Security researchers often target the xloader and BootROM to find vulnerabilities that could allow for bootloader unlocking or custom firmware installation. If you are referring to the malware, it
Although Xloader is currently Windows-centric, the evolution of malware often moves to mobile. With HarmonyOS gaining traction, cybersecurity researchers are monitoring for cross-compiled versions of stealers. The "Huawei+Xloader" keyword might also reflect concern about whether Xloader could evolve to target HarmonyOS through Android compatibility layers.
: It runs on the ARM Cortex-M3 microcontroller within the Kirin SoC.