Xenomorph: the new malware that steals your bank details
The list of malware that has appeared in recent months keeps growing. These rogue programs make a fortune for their operators and draw plenty of tears from the victims they cheat. Each has its own speciality, as if the malicious actors took pleasure in dividing up the market. BluStealer targets your cryptocurrencies; Joker and GriftHorse subscribe you to premium SMS services without asking your opinion; FluBot specializes in data theft… There really is something for everyone. Xenomorph, the latest arrival, goes after your bank account.
Xenomorph enters the arena
Google is doing everything it can to keep malware out of the applications on its Play Store, but hackers are doing everything they can to get past its vigilance. This is how spoofed applications sometimes slip through. Recently, computer security researchers from ThreatFabric discovered a new threat hidden behind an app that claims to help you. It is concealed in the Fast Cleaner app, which promises to improve your battery performance and clean up your smartphone. It does no such thing, as you can imagine, since its primary purpose is to conceal a banking Trojan horse. The Trojan, known by the frightening nickname of Xenomorph (like the creature from the Alien film saga), can steal your credentials and even intercept two-factor authentication SMS messages.
In the beginning of February, ThreatFabric discovered #Xenomorph, a brand new Android malware family with ties to another infamous Android malware banking trojan.
Can you guess which one? 😉
Blog-post coming soon. Stay tuned! pic.twitter.com/fPbUEa151s
— ThreatFabric (@ThreatFabric) February 18, 2022
How does it work? When you install Fast Cleaner on your device, it asks you for accessibility rights, which allow it to set up overlay attacks. When Xenomorph spots the opening of a banking app (56 are reportedly on the list of those it targets), it automatically generates a new screen that is placed discreetly over the app's interface and copies its look. You think you are entering your credentials in the application, but you are actually sending them to the hackers against your will. The malware can also intercept the SMS codes used for two-factor authentication.
Looking for targets
For now, Xenomorph has only been seen in Belgium, Spain, Portugal and Italy. Nevertheless, since Fast Cleaner has already been downloaded over 50,000 times, it's a safe bet that hackers have already had fun siphoning bank accounts. While this app is likely to disappear, that doesn't mean the malware won't return hidden inside another one. As it is still in its infancy, it will no doubt soon come back in an even more powerful version.
If this new malware bears a name that refers to the saga initiated by Ridley Scott, it is because certain clues discovered in the malware suggest that it is the work of the same parents as the infamous Alien. That Trojan horse is even more capable than Xenomorph at deceiving victims with overlaid fake login screens, since it generates them for more than 225 applications, including Facebook, Deezer and Amazon. Enough to gorge on data and credentials and wreak havoc among the victims.
Even if your phone is a bit slow at the moment, we advise you to stay away from Fast Cleaner. If you have already downloaded it, uninstall it right away and check your bank accounts for strange expenses that you did not make. Remember also that your bank must reimburse the expenses related to fraudulent use, so contact your legal protection insurance if you have one…