Xenomorph Malware Burrows into Google Play Users

bank trojan ransomware

Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.

An Android trojan dubbed Xenomorph has nested in Google Play, already racking up more than 50,000 downloads from the official app store, researchers warned. For anyone who downloaded the “Fast Cleaner” app, it’s time to nuke it from orbit.

According to a ThreatFabric analysis, Xenomorph has a target list of 56 different European banks, for which it provides convincing facsimiles of log-in pages whenever a victim attempts to log into a mobile banking app. The goal of course is to steal any credentials that victims enter into the faux log-in overlay.

However, the malware is also a flexible, modular banking trojan, which has code overlaps and other ties to the Alien malware – hence the name. It notably contains the ability to abuse Android’s accessibility services for broad control over a device’s capabilities, which could open the door to dangerous features that go beyond hijacking mobile banking credentials.

Read more: threatpost.com