
The Cyber Security News

New Android Banking Trojan Spreading via Google Play Store Targets Europeans

February 21, 2022

A new Android banking trojan with over 50,000 installations has been observed being distributed through the official Google Play Store, with the goal of targeting 56 European banks and harvesting sensitive information from compromised devices.

Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the moniker Alien, while also being “radically distinct” from its predecessor in terms of the functionalities offered.

“Regardless of remaining a perform-in-development, Xenomorph is currently sporting efficient overlays and remaining actively dispersed on formal application shops,” ThreatFabric’s founder and CEO, Han Sahin, said. “In addition, it features a really detailed and modular engine to abuse accessibility expert services, which in the long run could ability really highly developed abilities, like ATS.”


Alien, a remote access trojan (RAT) with notification sniffing and authenticator-based 2FA theft features, emerged shortly after the demise of the infamous Cerberus malware in August 2020. Since then, other forks of Cerberus have been spotted in the wild, including ERMAC in September 2021.

Xenomorph, like Alien and ERMAC, is yet another example of an Android banking trojan that focuses on circumventing the Google Play Store’s security protections by masquerading as productivity apps such as “Fast Cleaner” to trick unaware victims into installing the malware.


It is worth noting that a fitness training dropper app with over 10,000 installations, dubbed GymDrop, was found delivering the Alien banking trojan payload in November by masking it as a “new package of workout workout routines.”

Fast Cleaner, which has the package name “vizeeva.rapidly.cleaner” and continues to be available on the app store, has been most popular in Portugal and Spain, data from mobile app market intelligence firm Sensor Tower reveals, with the app making its first appearance in the Play Store towards the end of January 2022.

What's more, reviews for the app from users warned that “this app has malware” and that it “question[s] for an update to be verified continually.” Another user said: “It puts malware on the device and apart from that it has a self-protection system so that you are not able to uninstall it.”


Xenomorph also uses the time-tested tactic of prompting victims to grant it Accessibility Service privileges and then abusing those permissions to carry out overlay attacks, in which the malware injects rogue overlay screens atop targeted apps from Spain, Portugal, Italy, and Belgium to siphon credentials and other personal information.

Furthermore, it is equipped with a notification interception feature to extract two-factor authentication tokens received via SMS, and it retrieves the list of installed apps, the results of which are exfiltrated to a remote command-and-control server.
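The capability mix described above (an accessibility service combined with SMS or notification access and app enumeration) can be used as a triage signal when reviewing apps. The following is an added example, not code from the article or from ThreatFabric: it assumes a decoded AndroidManifest.xml as input, the sample manifests and package names are constructed, and the mapping from standard Android permission names to the behaviours in the article is an assumption of this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Standard Android permission names; mapping them to the behaviours the
# article describes is this example's assumption, not ThreatFabric's analysis.
SERVICE_BIND = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility_service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_listener",
}
USES_PERMISSION = {
    "android.permission.RECEIVE_SMS": "sms_access",
    "android.permission.READ_SMS": "sms_access",
    "android.permission.QUERY_ALL_PACKAGES": "installed_app_list",
}

def triage(manifest_xml):
    """Return package name, matched capabilities and a manual-review flag."""
    root = ET.fromstring(manifest_xml)
    caps = set()
    for perm in root.iter("uses-permission"):
        caps.add(USES_PERMISSION.get(perm.get(ANDROID + "name")))
    for svc in root.iter("service"):
        caps.add(SERVICE_BIND.get(svc.get(ANDROID + "permission")))
    caps.discard(None)
    # Accessibility alone is normal for assistive tools; escalate only when
    # it is paired with a way to read one-time codes (SMS or notifications).
    review = "accessibility_service" in caps and bool(
        caps & {"sms_access", "notification_listener"})
    return {"package": root.get("package"), "capabilities": sorted(caps), "review": review}

# Constructed sample manifests (hypothetical packages, not real apps).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
CLEANER = f"""<manifest {NS} package="com.example.cleaner">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Notif" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
READER = f"""<manifest {NS} package="com.example.screenreader">
  <application>
    <service android:name=".Reader" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for sample in (CLEANER, READER):
        print(triage(sample))
```

A flagged result is a prompt for manual review, not a verdict: legitimate apps can declare the same combination.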

“The surfacing of Xenomorph reveals, as soon as yet again, that threat actors are focusing their attention on landing applications on formal markets,” the researchers said. “Present day Banking malware is evolving at a extremely rapid amount, and criminals are setting up to undertake far more refined development practices to assistance potential updates.”



Some parts of this article are sourced from:
thehackernews.com
