/?pid=new-android-banking-trojan-spreading-via-google-play-store-23144

Updated:05:14 AM EDT Mar 29


this is ggmania.com subsite New Android Banking Trojan Spreading via Google Play Store - TechAmok

New Android Banking Trojan Spreading via Google Play Store - [security]
11:31 AM EST - Feb,21 2022 - post a comment

A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the moniker Alien while also being "radically different" from its predecessor in terms of the functionalities offered. "Despite being a work-in-progress, Xenomorph is already sporting effective overlays and being actively distributed on official app stores," ThreatFabric's founder and CEO, Han Sahin, said. "In addition, it features a very detailed and modular engine to abuse accessibility services, which in the future could power very advanced capabilities, like ATS." Alien, a remote access trojan (RAT) with notification sniffing and authenticator-based 2FA theft features, emerged shortly after the demise of the infamous Cerberus malware in August 2020. Since then, other forks of Cerberus have been spotted in the wild, including ERMAC in September 2021. Xenomorph, like Alien and ERMAC, is yet another example of an Android banking trojan that's focused on circumventing Google Play Store's security protections by masquerading as productivity apps such as "Fast Cleaner" to trick unaware victims into installing the malware.

It's worth noting that a fitness training dropper app with over 10,000 installations - dubbed GymDrop - was found delivering the Alien banking trojan payload in November by masking it as a "new package of workout exercises." Fast Cleaner, which has the package name "vizeeva.fast.cleaner" and continues to available on the app store, has been most popular in Portugal and Spain, data from mobile app market intelligence firm Sensor Tower reveals, with the app making its first appearance in the Play Store towards the end of January 2022. What's more, reviews for the app from users warned that "this app has malware" and that it "ask[s] for an update to be confirmed continuously." Another user said: "It puts malware on the device and apart from that it has a self-protection system so that you cannot uninstall it." Also put to use by Xenomorph is the time-tested tactic of prompting the victims to grant it Accessibility Service privileges and abuse the permissions to conduct overlay attacks, wherein the malware injects rogue overlay screens atop targeted apps from Spain, Portugal, Italy, and Belgium to siphon credentials and other personal information. Additionally, it's equipped with a notification interception feature to extract two-factor authentication tokens received via SMS, and get the list of installed apps, the results of which are exfiltrated to a remote command-and-control server.

Short overview of recent news articles

Whatever Happened To Acer? (Mar,29 2024 )

Intel's Battle Has Just Begun (Mar,28 2024 )

Unreal Physics is a new free game on Steam (Mar,27 2024 )

Is The World's Cheapest Hardware Wallet SafePal S1 Worth It? (Mar,27 2024 )

Yes, this was a Bad Idea (Emergency Wall-Mounted PC Build) (Mar,27 2024 )

11 Cool Command Line Programs You Need to See (Mar,27 2024 )

When you Accidentally Compromise every CPU on Earth (Mar,26 2024 )

Everyone Who Tried This Has FAILED - Khadas Mind Modular PC (Mar,24 2024 )

Air Cooling is Dead (Mar,24 2024 )

US Justice Dept. Sues Apple for Monopolistic Behavior in Smartphones (Mar,24 2024 )

Beetlejuice Beetlejuice - Official Teaser Trailer (2024) Michael (Mar,24 2024 )

Alien: Romulus | Teaser Trailer (Mar,22 2024 )

NVIDIA Is On a Different Planet (Mar,22 2024 )

Everyone Needs This and it's Under $10 - Handy Tech Under $100 (Mar,21 2024 )

20 COOL GADGETS FOR 2024 (Mar,21 2024 )

Nvidia's 5090 Is Built From WHAT?! (Mar,21 2024 )

Parasyte: The Grey | Official Trailer | Netflix (Mar,20 2024 )

Fastest m.2 on Planet EARTH | Crucial T705 Nvme Review (Mar,20 2024 )

LG's new 480Hz OLED dual-mode monitor (Mar,20 2024 )

First 9.1 GHz CPU (overclocked 14900KS) (Mar,19 2024 )

Haley Messick - Saatisfaction @bennybenassi - In10sive Mastercamp (Mar,18 2024 )

1000W CPU: The Most Powerful Desktop Processor (Mar,18 2024 )

Expands Snapdragon 8 Series to Cover More Price Points (Mar,18 2024 )

Train Vs Lamborghini (Mar,17 2024 )

Don't use a Microsoft Account! (Mar,16 2024 )

This Ghillie Made from MIRRORS is SHOCKINGLY GOOD (Mar,16 2024 )

How Hackers Deliver Malware to Hack you using Social Media (Mar,16 2024 )

Call of Duty: Warzone Mobile - Launch Trailer (Mar,15 2024 )

Intel's 4th Attempt At Beating Ryzen - "New" 6.2GHz Core (Mar,14 2024 )

Asus Goes Big with Zenfone 11 Ultra (Mar,14 2024 )

House Passes Bill to Force Sale of TikTok (Mar,14 2024 )

Motorola Brings More Affordable 5G Phones to its 2024 Lineup (Mar,14 2024 )

Capristan Swim - Miami Swim Week | Art Basel Miami (Mar,14 2024 )

The Most Stunning All SSD NAS Ever? Inside QNAP's All-SSD (Mar,11 2024 )

M2 vs M3 MacBook Air - ULTIMATE Comparison! (Mar,11 2024 )

Risky PC Experiment: Direct CPU Water-Cooling! Can It Survive? (Mar,11 2024 )

SpaceX Falcon 9 rocket launches 23 Starlink satellites from (Mar,11 2024 )

I tried the Cheapest Arduino Alternative (that Nobody heard of) (Mar,10 2024 )

This is the WEIRDEST PC I've ever seen. (Mar,10 2024 )

Nvidia Retires GTX 16 Series, GDDR7 Arrives, FSR Upscaling Going AI? (Mar,10 2024 )

The New BIOS Hack That Bypasses Every Antivirus (Mar,09 2024 )

Microsoft says it hasn't been able to shake Russian state hackers (Mar,09 2024 )

iOS 17.4, Out Today, Brings Transcripts to Apple Podcasts (Mar,09 2024 )

Microsoft Kills Android-on-Windows (Mar,09 2024 )

Don't Make These Common PC Building Mistakes! (Mar,08 2024 )

Sydney Sweeney Gets Outcast By Her Hooters Co-Workers On 'SNL' (Mar,07 2024 )

How A Journalist Uncovered America's Secret Doomsday Bunkers (Mar,07 2024 )

Government Banning Hardware Wallets? (Mar,07 2024 )

Xiaomi 14 Ultra Full Review: I prefer to call it '13S Ultra' (Mar,07 2024 )

Windows Defender vs Ransomware 2024 (Mar,05 2024 )

>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs