Software that steals Android users’ banking app login information has been made by the Nigerian Communications Commission’s Computer Security Incident Response Team (CSIRT). The CSIRT has found it.
According to a security advisory from the NCC CSIRT, the malicious software known as “Xenomorph” has a high impact and a high vulnerability rate. It was discovered to target 56 financial institutions in Europe. The primary objective of this infection is to steal passwords and then log in and use potential two-factor authentication tokens via SMS and notification interception. The Xenomorph is spread via a programme snuck into the Google Play store and masquerading as a legal application called “Fast Cleaner,” which is apparently intended to clean garbage, boost device speed, and maximize battery life. In reality, this app is just a way to spread the Xenomorph Trojan quickly and easily.
Read Also : A Trojan horse for Android devices called Xenomorph has the ability to compromise over 56 different financial apps.
Before the malware was installed on the remote server, “Fast Cleaner” was given out. This made it hard for Google to figure out that the software was being used for bad things.
Once installed on a victim’s device, Xenomorph can capture device and Short Messaging Service (SMS) information, intercept notifications and new SMS messages, conduct overlay attacks, and block users from deleting them. Additionally, the threat requests Accessibility Services credentials, which enables it to grant itself additional permissions.
Additionally, the CSIRT stated that the malware takes victims’ banking information by superimposing false login sites on top of legitimate ones.