Experts ontdekten Xenomorph-malware in de Google Play Store

Helga Smithfebruari 23, 2022Laatst bijgewerkt: maart 10, 2022
50 1 minuut lezen

ThreatFabric experts hebben ontdekt a new Xenomorph banking Trojan on the Google Play Store (the official Android app store) that attacks users from Spain, Portugal, Italy and Belgium.

The researchers describe the malware as a classic banker that infects Android devices, requests the rights to use the Accessibility service, and then uses them to display fake login screens, overlaying them on top of real banking applications.

Momenteel, praten over de malware can display such overlays for 56 banks in Spain, Portugal, Italy and Belgium, net zoals 12 cryptocurrency wallets and 7 email apps.

Botnet Cyclops Knipperen

In aanvulling op, the malware collects other data about the device and transfers everything received to the cybercriminalscontrol servers. The collected data is later used to access bank accounts and steal funds. If accounts are protected by two-factor authentication, Xenomorph is able to intercept SMS notifications and extract the necessary codes from them.

Echter, the most annoying thing in this situation is that Xenomorph is distributed through malicious applications in the Google Play Store and is delivered as a payload during the second stage of infection.

The surfacing of Xenomorph shows, once again, that threat actors are focusing their attention on landing applications on official markets. This is also a signal that the underground market for droppers and distribution actors has increased its activity.BedreigingStof specialists explain.

Botnet Cyclops Knipperen

Tot dusver, experts have found only one application distributing XenomorphFast Cleaner, which was installed on more than 50,000 devices before being removed from the Google Play Store. The application contained the Gymdrop dropper, which successfully passed all Google checks, and after downloading to the victim’s device, it downloaded and installed more powerful malware – praten over de malware.

Although analysts write that Xenomorph is still at the development stage, but it already poses a serious threat, from which and new attacks can definitely be expected in the future. Bovendien, there is an example of even more sly thingfake VulkanRT library dat werd gecompromitteerd tijdens een cyberspionagecampagne in de late, that in fact contain rootkit.

It is worth noting that the name Xenomorph arose for a reason: experts noticed many signs in the code that linked the malware to the old Buitenaards wezen banking trojan. Zo, they decided to use a similar name, also inspired by the Alien movie series.

Misschien vind je dat ook interessant om te weten het belangrijkste doel van De regeringen van de VS en het VK waarschuwden voor de en dat Android-malware Zwervende bidsprinkhaan attacks European users.

Tags
Helga Smithfebruari 23, 2022Laatst bijgewerkt: maart 10, 2022
50 1 minuut lezen

Helga Smith

Ik was altijd al geïnteresseerd in informatica, vooral gegevensbeveiliging en het thema, die tegenwoordig heet "datawetenschap", sinds mijn vroege tienerjaren. Voordat je als hoofdredacteur bij het Virus Removal-team komt, Ik heb bij verschillende bedrijven als cybersecurity-expert gewerkt, waaronder een van Amazon's aannemers. Nog een ervaring: Ik heb les aan de universiteiten van Arden en Reading.

Laat een antwoord achter

Deze website maakt gebruik van Akismet om spam te verminderen. Leer hoe je reactie gegevens worden verwerkt.

Terug naar boven knop