Hadoken Security Group Upgrades Xenomorph Mobile Malware

March 10, 2023

A new variant of the Xenomorph Android banking trojan has been noticed by ThreatFabric security researchers and classified as Xenomorph.C.

The variant, developed by the threat actor known as Hadoken Security Group, represents a significant update from the malware previously observed by ThreatFabric, according to an advisory published by the company earlier today.

“This new version of the malware adds a lot of new capabilities to an already feature-loaded Android Banker, most notably the introduction of a very extensive runtime engine powered by Accessibility services, which is used by actors to implement an entire ATS [Automated Transfer Systems] framework,” reads the technical write-up.


Thanks to its new features, Xenomorph.C can now start specified apps, show push notifications, steal cookies and forward calls, among other features.

“Xenomorph v3 is capable of executing the whole fraud chain, from infection, with the support of Zombinder, to the automatic transfer using ATS, passing by PII exfiltration using keylogging and overlay attacks,” ThreatFabric wrote.

“In addition, the samples discovered by ThreatFabric featured configurations with target lists made of more than 400 banking and financial institutions, including several cryptocurrency wallets.”

This figure represents a sixfold increase in targets when compared to prior variants.

According to the cybersecurity company, the growth in popularity of Xenomorph.C can also be linked with Hadoken Security Group establishing a website to market it.

“The website dedicated to the advertisement of this Android Banker [indicates] clear intentions of entering the MaaS [Malware-as-a-Service] landscape and [starting] large-scale distribution,” reads the advisory.

“This operation is typical of more advanced malware families, such as Gustuff and SharkBot, which have caused thousands of Euros worth of damage towards their targeted institutions,” ThreatFabric explained.

The team also spotted Xenomorph.C being distributed via third-party hosting services, mostly the Discord content delivery network (CDN).

“ThreatFabric expects Xenomorph to increase in volume, with the likelihood of being [once] again distributed via droppers on the Google Play Store,” warned the company.

The malware was also mentioned in Flashpoint’s 2022 Financial Threat Landscape report as one of the most popular trojans active in 2022.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
