ThreatFabric, an online fraud detection business, recently disclosed that over 50,000 Android users have installed a trojan that is capable of targeting over fifty-six banking apps.

The malware is named Xenomorph, after the alien species. At the moment it offers only a few capabilities, but the trojan appears to be in the early stages of development, and it is reasonable to assume that the next version will be more capable.

According to ThreatFabric, the fact that this malware continues to request repeated logins may indicate that it is not yet ready. The malware could have been created by the individuals responsible for the initial alien species, or it could have been created by someone who knows which code was used in the original version.

The malware reaches a device when the user installs a rogue app from the Google Play Store for Android. Recently, an app purporting to speed up a smartphone was discovered to have been controlled by a trojan and was used to target over 50,000 consumers under the name Fast Cleaner.

 


After infiltrating the system, Xenomorph is able to extract all personal data, including text messages. It is even capable of preventing the victim from uninstalling the application, which is a simple method for malware to take control of the system.

The software can even steal banking information by displaying a counterfeit login window. With access to a user’s text messages, the malware can infiltrate other programmes without being blocked by two-factor authentication.

It operates by downloading overlays for various financial applications from its command and control centre. This centre provides the user with a bogus log-in page that collects the user’s information.

 


According to ThreatFabric, the only thing the malware exchanges with its command and control centre is the overlay, not the logged data. The trojan has thus far targeted applications from a variety of nations, including Spain, Italy, and Belgium.

Additionally, ThreatFabric stated that the malware has a great deal of potential to evolve into a more dangerous form. Future versions of this malware may be capable of stealing further data.