A new variant of the Xenomorph Android banking trojan has been spotted by ThreatFabric security researchers and classified as Xenomorph.C.
The variant, developed by the threat actor known as Hadoken Security Team, marks a significant update from the malware previously observed by ThreatFabric, according to an advisory published by the company earlier today.
“This new version of the malware adds a lot of new capabilities to an already feature-loaded Android Banker, most notably the introduction of a very extensive runtime engine powered by Accessibility services, which is used by actors to implement a complete ATS [Automated Transfer Systems] framework,” reads the technical write-up.
Thanks to its new features, Xenomorph.C can now launch specific apps, display push notifications, steal cookies and forward calls, among other capabilities.
“Xenomorph v3 is capable of executing the whole fraud chain, from infection, with the help of Zombinder, to the automated transfer using ATS, passing through PII exfiltration using keylogging and overlay attacks,” ThreatFabric wrote.
“In addition, the samples found by ThreatFabric featured configurations with target lists made of more than 400 banking and financial institutions, including several cryptocurrency wallets.”
This figure represents a sixfold increase in targets compared with prior variants.
According to the cybersecurity company, the growth in popularity of Xenomorph.C can also be linked to Hadoken Security Team setting up a website to advertise it.
“The website dedicated to the advertisement of this Android Banker [indicates] very clear intentions of entering the MaaS [Malware-as-a-Service] landscape and [starting] large-scale distribution,” reads the advisory.
“This operation is typical of more advanced malware families, such as Gustuff and SharkBot, which have caused thousands of Euros worth of damage to their targeted institutions,” ThreatFabric explained.
The team also spotted Xenomorph.C being distributed via third-party hosting services, mainly the Discord content delivery network (CDN).
“ThreatFabric expects Xenomorph to increase in volume, with the possibility of being [once] again distributed via droppers on the Google Play Store,” warned the company.
The malware was also mentioned in Flashpoint’s 2022 Financial Threat Landscape report as one of the most popular trojans active in 2022.
Some parts of this article are sourced from:
www.infosecurity-magazine.com