
The Cyber Security News

These Two Google Play Store Apps Spotted Distributing Xenomorph Banking Trojan

November 11, 2022

Google has removed two new malicious dropper apps that were detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware.

“Xenomorph is a trojan that steals credentials from banking apps on users’ devices,” Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

“It is also capable of intercepting users’ SMS messages and notifications, enabling it to steal one-time passwords and multi-factor authentication requests.”

The cybersecurity firm said it also found an expense tracker app that exhibited similar behavior, but noted that it could not extract the URL used to fetch the malware artifact.

Xenomorph Banking Trojan

The two malicious applications are as follows –

  • Todo: Day manager (com.todo.daymanager)
  • 経費キーパー (com.setprice.costs)

Both apps function as droppers, meaning the apps themselves are harmless and serve as a conduit to retrieve the actual payload, which, in the case of Todo, is hosted on GitHub.

Xenomorph, first documented by ThreatFabric earlier this February, is known to abuse Android’s accessibility permissions to conduct overlay attacks, in which fake login screens are presented atop legitimate bank apps to steal victims’ credentials.
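For device triage, the following added example (not from the article or from Zscaler) checks captured `adb` output for the two package IDs listed above and for accessibility services enabled by packages outside an allowlist. The allowlist contents and the sample output are assumptions constructed for illustration.

```python
# Added example: triage text captured from
#   adb shell pm list packages
#   adb shell settings get secure enabled_accessibility_services

# Package IDs named in the article.
REPORTED_DROPPERS = {"com.todo.daymanager", "com.setprice.costs"}
# Assumption: packages you expect to hold accessibility access (TalkBack here).
ACCESSIBILITY_ALLOWLIST = {"com.google.android.marvin.talkback"}


def parse_packages(pm_output):
    """Package IDs from plain `pm list packages` output (lines `package:<id>`)."""
    return {
        line.strip()[len("package:"):]
        for line in pm_output.splitlines()
        if line.strip().startswith("package:")
    }


def parse_accessibility(setting_value):
    """Package IDs that own an enabled accessibility service.

    The setting is a colon-separated list of `package/service` components;
    an unset value comes back as `null` or an empty line.
    """
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def triage(pm_output, a11y_value):
    droppers = parse_packages(pm_output) & REPORTED_DROPPERS
    unexpected = parse_accessibility(a11y_value) - ACCESSIBILITY_ALLOWLIST
    return {
        "droppers_installed": sorted(droppers),
        "unexpected_accessibility": sorted(unexpected),
        # The dropper fetches its payload as a separate app, so a device with
        # a dropper AND an unexpected accessibility grant is reviewed first.
        "high_priority": bool(droppers and unexpected),
    }


# Constructed sample output, not taken from a real device.
SAMPLE_PM = "package:com.android.chrome\npackage:com.todo.daymanager\npackage:com.example.payload\n"
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.payload/com.example.payload.Svc\n")

if __name__ == "__main__":
    print(triage(SAMPLE_PM, SAMPLE_A11Y))
```

Removing the dropper alone does not remove a payload it has already installed, which is why the accessibility list is checked independently of the package list.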

What’s more, the malware uses a Telegram channel’s description to decode and construct the command-and-control (C2) domain used to receive additional commands.

The development follows the discovery of four rogue apps on Google Play that were found directing victims to malicious websites as part of an adware and information-stealing campaign. Google told The Hacker News that it has since banned the developer.

Some parts of this article are sourced from:
thehackernews.com
