More than 30 US Banks Targeted in New Xenomorph Malware Campaign
ThreatFabric explained the malware relies on deceptive phishing webpages posing as a Chrome update
The Xenomorph tag covers reported incidents, technical and infrastructure analysis, disruption efforts, and defensive guidance on Android malware.
Search across headline titles and summaries.
Background for this topic.
Xenomorph is an Android banking Trojan: malware intended to steal information from mobile banking and financial applications. Reported capabilities vary by sample, but include displaying fake login screens or overlays, abusing Android accessibility services, intercepting SMS messages, and collecting credentials or other on-device data. Some variants may capture one-time codes or control parts of a session, making multifactor authentication less protective without claiming to defeat every MFA implementation.
The main exposure is installation of a malicious or trojanized app, followed by approval of sensitive permissions. Users and organizations should restrict installation to trusted sources, review accessibility and SMS permissions, and treat unexpected banking-app prompts as suspicious. If infection is suspected, isolate or reset the device, revoke active banking sessions, change credentials from a clean device, and contact the relevant financial institution. Security teams can use mobile telemetry and fraud monitoring to identify unusual accessibility use, overlay activity, SMS access, or transactions associated with a compromised handset.
Weekly headline count for the current query.
ThreatFabric explained the malware relies on deceptive phishing webpages posing as a Chrome update
An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S
The Trojan had mainly been infecting banks in Europe since it first surfaced more than one year ago.
Security researchers discovered a new campaign that distributes a new version of the Xenomorph malware to Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. [...]
The trojan can now start specified applications, show push notifications, steal cookies and more
The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks. [...]
A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal
Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware
In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development
Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.
A new malware called Xenomorph distributed through Google Play Store has infected more than 50,000 Android devices to steal banking information. [...]