Newly-discovered Android malware steals banking app login credentials



Earlier this month, security researchers at ThreatFabric discovered a dangerous new trojan. They dubbed it Xenomorph due to its ties with the Alien malware, which started to make the rounds in fall of 2020. But while the code resembles that of Alien, the Xenomorph malware is far more capable. According to ThreatFabric, more than 50,000 Android users have installed a malicious application containing the banking app malware. The threat actors behind the malware are reportedly targeting users of 56 different banks in Europe.


Xenomorph banking app malware discovered

As ThreatFabric notes, hackers are always finding new ways to distribute malicious software through the Google Play store. Google is fighting back, but determined hackers always seem to be one step ahead. One recent, nefarious example was the Fast Cleaner app. It claimed to be capable of speeding up Android phones by removing clutter. But in reality, Fast Cleaner was a dropper for the Xenomorph banking app malware.

Here’s what ThreatFabric found after analyzing the application:

Upon analysis, we recognized this application as belonging to the Gymdrop dropper family. Gymdrop is a dropper family discovered by ThreatFabric in November 2021. Previously it was observed deploying an Alien.A payload. From the configuration downloaded by the dropper, ThreatFabric was able to confirm that this dropper family continues to adopt this malware family as its payload. However, contrary to the past, the server hosting the malicious code also contained two other malware families, which were also returned instead of Alien, based on specific triggers.

In addition to distributing the Alien and Exobot trojans, the app also contained a brand new malware family. And that’s how ThreatFabric first discovered Xenomorph.

A comprehensive list of the Xenomorph banking app malware's capabilities.


What can Xenomorph do?

ThreatFabric says Xenomorph is still under development, but is already capable of wreaking…