This super-dangerous Android malware has returned to target US shoppers and bankers
The infamous Xenomorph Android malware is back with new tools, and ready to steal more than just money from unsuspecting victims, experts have warned.
Cybersecurity researchers ThreatFabric, which has been monitoring the malware since early 2022, there is a new campaign active at the moment, targeting victims in the U.S., Canada, Spain, Italy, Portugal, and Belgium.
The infection chain is similar to what we’ve seen from Xenomorph in the past – the attackers set up phishing pages, “warning” victims that their Chrome browser needs to be updated and then delivering the malicious APK to the endpoint.
New distribution mechanism
Those that take the bait and install the APK will get an advanced version of Xenomorph, capable of stealing money from numerous banks, as well as cryptocurrencies from different wallets.
The malware does so by overlaying legitimate apps, and this time around, Xenomorph comes with approximately a hundred different overlays. The app chooses the right overlay, depending on the target demographic.
“This latest campaign also added plenty of financial institutions from the United States, together with multiple crypto-wallet applications, totaling more than 100 different targets per sample, each one using a specifically crafted overlay to steal precious PII from the victim’s infected device,” the researchers said in their technical writeup.
Xenomorph has endured countless changes throughout the years. The latest version comes with a couple of new features, including a way to mimic legitimate apps, simulating a tap on the screen, and making sure the smartphone doesn’t switch its screen off by keeping active notifications on at times.
The malware was first discovered in early 2022 when it was observed targeting users of 56 banks in Europe. Back then, it was being distributed via Google Play, and was downloaded more than 50,000 times. Since then, it was removed from Google’s repository and deployed via a dropper called “BugDrop”.
Via BleepingComputer
More from TechRadar Pro
The infamous Xenomorph Android malware is back with new tools, and ready to steal more than just money from unsuspecting victims, experts have warned. Cybersecurity researchers ThreatFabric, which has been monitoring the malware since early 2022, there is a new campaign active at the moment, targeting victims in the U.S.,…
Recent Posts
- Windows won’t take screenshots of everything you do after all — unless you opt in
- These are the best laptops announced at Computex 2024
- Apple Vision Pro features we’d love to see at WWDC 2024
- Netflix’s Mike Tyson vs. Jake Paul fight pushed back to November
- Forget 115-inch 4K TVs – TCL says 130-inch sets are coming soon, with 150 inches on the horizon
Archives
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011