Android Banking Trojan Strikes Again in Google Play Store | What to Know About Xenomorph Malware

A new variant of an Android banking trojan malware was spotted once again by the cybersecurity experts in the Google Play Store.

According to the latest report, the Xenomorph malware which traced its link to the Alien trojan has already infiltrated the app store. Over the past weeks, more than 50,000 downloads for the infected apps have been observed.

Xenomorph Malware in Google Play Store

ThreatFabric, a cybersecurity firm, was the first to discover the activity of the new banking trojan form. Initially, a previous malware was spotted in the same month.

The researchers noted that this trojan is notorious for stealing users' passwords and other confidential information. Besides that, it is known to bypass security protections. This way, it can easily infect smartphones when a user downloads it through an app on the Play Store.

Furthermore, there was also a noticeable app that has been downloaded over 50,000 times in the app store. The malware has made its way to the cleaner app, which was once useful because of its capability to eliminate unused apps.

Although it can really remove clutter in the device, it comes with a price in the form of data-stealing malware.

When a person opens an account through a banking app on the smartphone, this is the time when hackers execute their plan to rob the money from the victims.

Among the notable targets of this banking, trojan is banks in Europe, particularly in Portugal, Italy, Belgium, and Spain. Aside from that, it can also dig its way towards the user's crypto wallets and email addresses.

Xenomorph is Connected to Alien Trojan Malware

In another report by ZDNET, the ThreatFabric researchers noted that the Alien malware has some similarities with the current Xenomorph variant. Both of them rely on a similar HTML resource page when it comes to design.

Apart from that, they also launch state-tracking using a file dubbed "SharedPreferences." It was believed that the original Alien developer of this file was rinGO.

There were also traces of the Cerberus malware in the current Android banking trojan. To add, researchers noticed the obvious pattern of logging strings on them.

"Currently the set of capabilities of Alien is much larger than the one of Xenomorph. However, considering that this new malware is still very young and adopts a strong modular design, it is not hard to predict new features coming in the near future," ThreatFabric researchers told ZDNet.

The experts alerted Google to eliminate the malware from the Play Store. The article included that the group flagged the infected app.

With regards to the malware alert on Android, mobile security firm Pradeo prompted an alert about the spreading Joker malware on the platform. Over the past weeks, it has been spotted on seven Android apps, including Convenient Scanner 2, Separate Doc Scanner, Color Message, Emoji Wallpaper, Fingertip GameBox, Safety AppLock, and Push Message.

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics