Scary-sounding Xenomorph banking trojan is only the latest to be discovered in Play Store apps
The Android app ecosystem gives developers room for creativity — but the trade-off is that hackers are getting creative with malware, too. Such dangerous apps can end up in Google’s Play Store and don’t always get pulled as quickly as we’d hope, often thanks to clever concealment. The most recent example is the banking trojan Xenomorph, which has been targeting Android users across Europe.
As discovered by Threat Fabric, dropper malware was hiding inside Fast Cleaner, an app purporting to be a solution for getting rid of digital clutter and boosting battery efficiency. Concealing code like that within a seemingly normal app is a common way to hide malicious software.

Droppers are programs designed to retrieve code from somewhere else and load it onto your device, and in this case the dropper was one previously known to Threat Fabric for delivering another banking trojan dubbed Alien — between that and other similarities with Alien’s code, it only seemed fitting for the firm to name this latest trojan Xenomorph.
The malware is still relatively new, but researchers have determined that it starts with an overlay attack — that’s when a bad app puts a window on top to mask a legitimate one. Thinking everything looks fine, users are then fooled into interacting with the overlay, which ends up feeding their data to the malware. It’s a pretty sneaky way to steal a host of vulnerable data like login credentials for online banking apps. Once Xenomorph is launched, it monitors your activity and when you open an app on its target list, it injects that overlay with its fake interface that makes you think you’re working directly with your bank. Threat Fabric reports that this list contains names of banks in Spain, Portugal, Italy, and Belgium in addition to some crypto wallets and email apps.

It looks like Xenomorph is still in an early stage of development, though Threat Fabric fears it has “a lot of untapped potential.” If you’ve installed the Fast Cleaner app — it has been downloaded over 50,000 times so plenty of people are affected — your device is not in great shape. The malware contains features designed to prevent efforts to remove it, so you may be stuck having to fully wipe your phone. Where’s a good cleaner app when you need it?