$ 119,874.8
€ 103,064.9
£ 89,198.4
¥ 17,768,976.7
CZK 2,542,930.0
BTC
0.99 %
$ 3,478.47
€ 2,992.12
£ 2,588.87
¥ 515,156.1
CZK 73,606.5
ETH
3.12 %
$ 3.53
€ 3.03
£ 2.63
¥ 521.10
CZK 73.84
XRP
15.98 %
$ 0.5091
€ 0.4386
£ 0.3787
¥ 75.41
CZK 10.79
XLM
12.19 %
/?pid=23144

Updated:09:27 AM EDT Jul 17


this is ggmania.com subsite New Android Banking Trojan Spreading via Google Play Store - TechAmok

New Android Banking Trojan Spreading via Google Play Store - [security]
11:31 AM EST - Feb,21 2022 - post a comment

A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the moniker Alien while also being "radically different" from its predecessor in terms of the functionalities offered. "Despite being a work-in-progress, Xenomorph is already sporting effective overlays and being actively distributed on official app stores," ThreatFabric's founder and CEO, Han Sahin, said. "In addition, it features a very detailed and modular engine to abuse accessibility services, which in the future could power very advanced capabilities, like ATS." Alien, a remote access trojan (RAT) with notification sniffing and authenticator-based 2FA theft features, emerged shortly after the demise of the infamous Cerberus malware in August 2020. Since then, other forks of Cerberus have been spotted in the wild, including ERMAC in September 2021. Xenomorph, like Alien and ERMAC, is yet another example of an Android banking trojan that's focused on circumventing Google Play Store's security protections by masquerading as productivity apps such as "Fast Cleaner" to trick unaware victims into installing the malware.

It's worth noting that a fitness training dropper app with over 10,000 installations - dubbed GymDrop - was found delivering the Alien banking trojan payload in November by masking it as a "new package of workout exercises." Fast Cleaner, which has the package name "vizeeva.fast.cleaner" and continues to available on the app store, has been most popular in Portugal and Spain, data from mobile app market intelligence firm Sensor Tower reveals, with the app making its first appearance in the Play Store towards the end of January 2022. What's more, reviews for the app from users warned that "this app has malware" and that it "ask[s] for an update to be confirmed continuously." Another user said: "It puts malware on the device and apart from that it has a self-protection system so that you cannot uninstall it." Also put to use by Xenomorph is the time-tested tactic of prompting the victims to grant it Accessibility Service privileges and abuse the permissions to conduct overlay attacks, wherein the malware injects rogue overlay screens atop targeted apps from Spain, Portugal, Italy, and Belgium to siphon credentials and other personal information. Additionally, it's equipped with a notification interception feature to extract two-factor authentication tokens received via SMS, and get the list of installed apps, the results of which are exfiltrated to a remote command-and-control server.


Add your comment (free registrationrequired)

Short overview of recent news articles

Jul,17 2025 Stranger Things 5 - Official Teaser
Jul,14 2025 Google Is Selling Fake Products - WAN Show July 11, 2025
Jul,12 2025 Hacked by playing Call of Duty WW2 on Gamepass?
Jul,12 2025 2025 VW Golf GTE // TOP SPEED REVIEW on AUTOBAHN
Jul,11 2025 NEW Audi RS3 v cheapest used RS3: DRAG RACE
Jul,10 2025 A critical security vulnerability in Microsoft Remote Desktop Client
Jul,10 2025 Samsung Z Fold/Flip 7 Impressions: Major Upgrades!
Jul,08 2025 Gmail's latest feature helps you get rid of those pesky emails from
Jul,06 2025 I'm an idiot and still made top 5... here's how
Jul,05 2025 The Fantastic Four: First Steps - Official 'Lift Off' Teaser
Jul,04 2025 Samsung Galaxy Z Fold 7 - Hands on Look
Jul,04 2025 RTX 5070 Ti vs RTX 5080 - Is 5080 Gaming Laptop Worth More $$$?
Jul,04 2025 FIRST DRIVE: Praga Bohema - Crazy Hypercar Driven!
Jul,03 2025 Ballerina - Exclusive John Wick Deleted Scene (2025) Keanu Reeves,
Jul,03 2025 Call of Duty: WWII - Remote Code Execution Warning (PC Game Pass)
Jul,02 2025 1014HP Lamborghini REVUELTO 369KMH TOP SPEED POV on AUTOBAHN
Jul,01 2025 Nvidia Drivers (V 576.80 vs V 576.88) - Test In 12 Games - RTX 4060
Jun,30 2025 AMD Adrenalin 25.6.3 Driver Is Available
Jun,30 2025 NVIDIA GeForce RTX 5080 SUPER Could Feature 24 GB Memory, Increased
Jun,29 2025 Guess What Nvidia Did THIS Time
Jun,28 2025 The 10 Best Dinosaur Movies of All Time
Jun,28 2025 Microsoft officially confirms that Windows 11 version 25H2 is coming
Jun,26 2025 Eddington - Official Trailer 2 (2025) Joaquin Phoenix, Pedro Pascal
Jun,25 2025 Microsoft Say System Restore Points Now Expire After 60 Days
Jun,25 2025 Facebook, Netflix, and Microsoft Websites Hijacked to Insert Fake
Jun,24 2025 I put a $3000 GPU in my Average PC... It Was a Mistake
Jun,24 2025 Best External SSD for Mac 2025: After Weeks of Testing, Here's What
Jun,23 2025 Mostly boob jokes this week (RTX 5090 DD) - Tech News June 22
Jun,21 2025 Superman - Official 30 Second Spot (2025)
Jun,21 2025 'The fastest road car I've ever been in!' - Ferrari F80 track day
Jun,20 2025 CPU SCAM: AMD Ryzen 9800X3D Counterfeits & Fraud
Jun,19 2025 28 Years Later Review
Jun,18 2025 HW News - NVIDIA "N1x" CPU Leak, ASUS Xbox ROG Ally, More Intel
Jun,17 2025 NVIDIA GeForce 576.80 WHQL Driver
Jun,16 2025 The Fantastic Four: First Steps - Official 'H.E.R.B.I.E.' Teaser
Jun,15 2025 Huawei Maextro S800 First Look - A True BMW & Mercedes Killer?
Jun,14 2025 Upgrade Windows 10 to Windows 10 LTSC Without Losing Data
Jun,14 2025 Squid Game: Season 3 - Final Games Trailer
Jun,11 2025 WWDC 2025: Everything Revealed in 9 Minutes
Jun,10 2025 Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs