Security news aggregator

Latest coverage for Xenomorph

The Xenomorph tag covers reported incidents, technical and infrastructure analysis, disruption efforts, and defensive guidance on Android malware.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Xenomorph is an Android banking Trojan: malware intended to steal information from mobile banking and financial applications. Reported capabilities vary by sample, but include displaying fake login screens or overlays, abusing Android accessibility services, intercepting SMS messages, and collecting credentials or other on-device data. Some variants may capture one-time codes or control parts of a session, making multifactor authentication less protective without claiming to defeat every MFA implementation.

The main exposure is installation of a malicious or trojanized app, followed by approval of sensitive permissions. Users and organizations should restrict installation to trusted sources, review accessibility and SMS permissions, and treat unexpected banking-app prompts as suspicious. If infection is suspected, isolate or reset the device, revoke active banking sessions, change credentials from a clean device, and contact the relevant financial institution. Security teams can use mobile telemetry and fraud monitoring to identify unusual accessibility use, overlay activity, SMS access, or transactions associated with a compromised handset.

Volume over time

Weekly headline count for the current query.

Showing 3 most recent headlines Filtered view