A new malware called Xenomorph is targeting Android users around the world. The malware spreads through applications in the Google Play Store that have been downloaded more than 50,000 times.
Researchers at cybersecurity company Threat Fabric found Xenomorph malware in the Fast Cleaner application that claims to boost phone performance. This is a classic strategy used by malware spreaders because there are always users looking for tools to improve the performance of their phones.
To be able to deceive the review process in the Play Store, Fast Cleaner just released a dangerous load after being installed, so the application is still clean when registered.
Xenomorph malware is currently not fully functional because it is still in the development stage. But according to ThreatFabric, this malware carries a significant threat because it can steal banking information and target 56 European banks.
For example, this malware can intercept notifications, log SMS, and use injection to perform overlay attacks. So this malware can already steal credentials and one-time passwords that users usually use to protect their bank accounts.
Upon analysis, ThreatFabric found that the Xenomorph code was similar to that in the Alien banking trojan. This indicates that the two malware are related, either Xenomorph is the successor to Alien or there is a developer who co-developed both.
Banking Trojans such as Xenomorph and Alien are typically launched to steal sensitive information, take over bank accounts, conduct financial transactions without the victim's knowledge, and their operators will sell the victim's data to other interested actors, as quoted by Bleeping Computer, Wednesday (23/2/2022 ).
Although Xenomorph malware is still in development, ThreatFabric says its operator may add more advanced capabilities in the future. Slowly, this malware will reach its full potential and can be in line with other Android banking trojans.
To avoid malware circulating in the Play Store, Android users are advised not to install applications that offer grandiose promises. Always checking reviews left out can also help avoid malicious applications.