At the beginning of this month, ThreatFabric’s security researchers made a shocking discovery; A dangerous new Android trojan with direct ties to the Alien malware. Xenomorph, as the new trojan is called, shares similarities with the Alien code, but the primary concern with the new trojan is that it is far more powerful and capable than its predecessor.
At the time of writing, over 50,000 users of various Android devices have installed seemingly innocent applications that act as carriers of the Xenomorph malware. Reportedly, the malware is already targeting users of 56 different European banks.
While Google has been fighting back against hackers using generic apps to infect devices with malicious software, the war is far from over. Google Play remains one of the leading ways users’ devices pick up harmful malware, and the worst part is that users don’t even realize their devices have been infected until it’s too late.
One of the most recent apps discovered to be used as a malware dropper is FastCleaner. The app claims to be able to speed Android devices up and make them run smoother by removing clutter and ‘junk’ files. In reality, FastCleaner was found to be a dropper for the Xenomorph malware.
According to ThreatFabric, Xenomorph is still in active development, but the trojan is already capable of more than the Alien malware of 2020. Xenomorph primarily uses an overlay attack to gain access to users’ banking app credentials. An overlay attack is particularly successful and dangerous because it’s triggered without the user’s knowledge.
The malware is able to mimic a legitimate banking interface exactly and intercept the information picked up by the touch screen. Xenomorph can also read notifications and messages, thereby gaining access to OTPs sent out by your bank and even reading password change confirmations.
Thus far, Xenomorph has attacked users in Italy, Spain, Portugal, and Belgium. Experts say that Xenomorph has a wealth of untapped potential, even though the malware is still in its early stages of development. For this and other types of threats, we recommend you look at our easy ways to remain safe online.
