A team of computer researchers has identified a new one trojan for Android. Is called Xenomorph and it is designed to empty the victim’s checking accounts – in jargon, it is not by chance referred to as banking malware. The trojan was spread through a number of malicious apps distributed on the Google Play Store, and has already been downloaded over 50,000 times. ThreatFabric, an IT security specialist, has sounded the alarm.
Xenomorph was dubbed this way in honor of the deadly aliens from Ridley Scott’s hit Sci-Fi horror. The choice of the name is not accidental: although it functions very differently, the trojan conceptually takes up many of the functions of Alien, another banking trojan already known to the community of experts. There are two hypotheses: o Xenomorph was created by the same authors as Alienor was created by a malicious actor who had in-depth knowledge of the source code of the previous malware.
Xenomorph targets the apps and services of 56 specific European banks, including 12 Italian banks. Italy is the second privileged target of the trojan, immediately after Spain.
The problem of malware on the Play Store
Round and round, we are faced with yet another stumbling block by Google, which is still struggling to keep its official store clean. Xenomorph spread thanks to some malicious apps distributed on the Google Play Storeand this means that something went wrong in the checks that anticipate the release of each app on the marketplace.
Sure, Xenomorph has been downloaded by a relatively small number of users – 50,000 – but only recently have computer researchers identified and reported even more egregious cases. Last November, ThreatFabric also reported the presence of a malware – Anatsa – downloaded by over 300,000 users. It was hidden in a handful of apparently legitimate apps available on the Play Store, including a QR Code reader. Even more recently it was the turn of Joker, a malware distributed through a significant number of malicious apps that had managed to pass the checks of Google (but also of the Huawei AppGallery).
Among the malicious apps distributed on the Play Store and responsible for the advance of Xenomorph, the researchers of ThreatFabric report ‘Fast Cleaner‘, an app that promised users a number of functions to remove junk files and speed up the smartphone. The app actually did what the description intended, too bad it did something else. In this case, it was what in the jargon is called a ‘dropper‘, that is a program apparently legitimate but in reality programmed to install one or more on the victim’s device malicious files.
Xenomorph is still in its infancy, yet it is already scary
Computer researchers discovered Xenomorph just as they investigated a family of droppers – particularly prolific on the Google marketplace – known by the name Gymdrop. The same already behind the spread of the Alien trojan. And it was only by studying the dropper’s servers that they discovered the presence of two other malware, including the unreleased Xenomorph.
By studying the malware code, ThreatFabric researchers realized that Xenomorph has a lot of attacking features not yet officially implemented in the Trojan. They are still dormant. Translated: Malware is in all likelihood still in an embryonic stage of development. Xenomorph is able to steal the access credentials of current accounts, also managing to intercept and steal notification SMS or other tools used for two-factor authentication.
In this way the criminals are able not only to access the victim’s bank account, but also to carry out unauthorized operations. The victim does not suspect anything until it is too late. It is worth pointing out again that Xenomorph specifically targets Italian users. It is designed to steal the credentials of the following banks: Intesa Sanpaolo Mobile, YouApp, Banca Sella, MyCartaBCC, BNL, Carige Mobile, Banca MPS, Bancaperta, UBI Banca, SCRIGNOapp, BancoPosta and Postepay.
Excellent price-performance ratio, now with an unmissable 34% discount. Discover Oppo Find X3 Lite, now on promotion on Amazon.