Xenomorph Android Malware Targets Bank Customers

Attacks against Android devices continue to be a common occurrence. One of the latest malware families to go after the most popular mobile operating system is called Xenomorph. Allegedly, the Xenomorph Android Malware shares many similarities with an earlier Android Trojan called Alien. Researchers suspect that the recently discovered sample might be an upgraded version of the Alien Malware, or that the same team might be behind it.

Unfortunately, the Xenomorph Android Malware campaign appears to be quite successful – with over 50,000 active installs at the time of writing this article. The criminals are spreading it through malicious apps hosted on the Google Play Store. The apps in question may often be disguised as useful tools and games that users might be tempted to install. It appears that the Xenomorph Android Malware operators are actively targeting customers of various financial institutions in Belgium, Italy, Portugal, and Spain.

Just like other Android Banking Trojans, the Xenomorph Android Malware has capabilities focused on spying on the user's activities and interacting with the screen. It is able to intercept notifications, read text messages, and inject overlays on top of dozens of banking sites and apps. The criminals use these capabilities to phish login credentials, as well as to bypass two-factor authentication.

Just like other similar Android malware, this one does all of this by abusing the Android Accessibility Service: victims are asked to grant the malicious app permission to use it. It is worth mentioning that the Xenomorph Android Malware functionality appears to receive regular upgrades, so this might not even be the malware's final form. Android users should not hesitate to enhance their device's protection with up-to-date antivirus software. This is incredibly important if you also use your phone for payments and banking operations.

February 22, 2022