An Android Trojan named Xenomorph can target over 56 banking, finance applications

The online fraud detection company, Threatfabric, has recently revealed that over fifty thousand Android users have installed a Trojan that has the potential to target over fifty-six banking apps.

This malware has been named after an alien species, the Xenomorph. Currently, it holds limited options. However, it seems like the trojan is still going through a development phase. It can be expected that the upcoming version will hold more potential.

ThreatFabric said that the fact that this malware still asks for multiple logins could mean that it is still not ready yet. The malware could be a project of the hands behind the first alien species, or it could be someone who knows which code was used for the original version.

The malware can be welcomed on a device by installing malicious apps from Android’s Google Play Store. Recently, an app which was apparently programmed to speed up a device was originally held by a trojan and was successfully able to target over 50,000 users under the name of Fast Cleaner.

After the Xenomorph has made its way into the system, it can extract all the personal data as well as text messages. It even has the ability to stop the victim from removing the application from the device. The malware can easily take over the system with this.

By showcasing a forged login interface, the malware can even get its hand on banking information. Having access to the text messages of a user, enables the malware to silently get itself into other applications, which requires a two-factor checkup.

It works by dispatching the downloaded overlays of various banking applications to its command and control center. This center gives the fake log-in page to the user through which the details are collected.

According to ThreatFabric, the malware only shares the overlay and not the logged data with its center. So far, the trojan has attacked apps belonging to different countries, including Spain, Italy, and Belgium as well.

ThreatFabric further added that the malware still has a lot of room left that can take it to another level of threat. The upcoming versions of this trojan could have the potential to steal more information.

Read next: A newly discovered Windows 10 bug can expose the browsing history and banking information of anyone who uses Google
Previous Post Next Post