The Cyber Security News
Hadoken Security Group Upgrades Xenomorph Mobile Malware

March 10, 2023

A new variant of the Xenomorph Android banking trojan has been spotted by ThreatFabric security researchers and classified as Xenomorph.C.

The variant, developed by the threat actor identified as Hadoken Security Team, represents a significant update over the malware previously observed by ThreatFabric, according to an advisory published by the company earlier today.

“This new edition of the malware provides a lot of new abilities to a previously feature-loaded Android Banker, most notably the introduction of a really extensive runtime engine powered by Accessibility services, which is utilized by actors to apply an entire ATS [Automated Transfer Systems] framework,” reads the technical write-up.

Thanks to its new features, Xenomorph.C can now start specified apps, show push notifications, steal cookies and forward calls, among other capabilities.

“Xenomorph v3 is capable of executing the whole fraud chain, from infection, with the support of Zombinder, to the automatic transfer applying ATS, passing by PII exfiltration working with keylogging and overlay attacks,” ThreatFabric wrote.

“In addition, the samples discovered by ThreatFabric featured configurations with target lists made up of more than 400 banking and money establishments, including several cryptocurrency wallets.”

This figure represents a sixfold increase in targets when compared to prior variants.

According to the cybersecurity company, the growth in popularity of Xenomorph.C can also be linked to Hadoken Security Team setting up a website to advertise it.

“The website dedicated to the advertisement of this Android Banker [indicates] very clear intentions of coming into the MaaS [Malware-as-a-Service] landscape and [starting] massive-scale distribution,” reads the advisory.

“This operation is typical of far more advanced malware families, such as Gustuff and SharkBot, which have caused thousands of Euros’ worth of damage to their targeted institutions,” ThreatFabric explained.

The team also spotted Xenomorph.C being distributed via third-party hosting services, mostly the Discord content delivery network (CDN).

“ThreatFabric expects Xenomorph to increase in quantity, with the likelihood of being [once] again distributed by using droppers on the Google Play Store,” warned the company.

The malware was also mentioned in Flashpoint’s 2022 Financial Threat Landscape report as one of the most popular trojans active in 2022.


Some parts of this article are sourced from:
www.infosecurity-magazine.com

Copyright © TheCyberSecurity.News, All Rights Reserved.