Especialistas descobriram malware Xenomorph na Google Play Store

Helga Smithfevereiro 23, 2022Última Actualização Março 10, 2022
50 lido 1 minuto

ThreatFabric experts ter descoberto a new Xenomorph banking Trojan on the Google Play Store (the official Android app store) that attacks users from Spain, Portugal, Italy and Belgium.

The researchers describe the malware as a classic banker that infects Android devices, requests the rights to use the Accessibility service, and then uses them to display fake login screens, overlaying them on top of real banking applications.

Atualmente, descoberto em janeiro can display such overlays for 56 banks in Spain, Portugal, Italy and Belgium, assim como 12 cryptocurrency wallets and 7 email apps.

Xenomorfo na Google Play Store

além do que, além do mais, the malware collects other data about the device and transfers everything received to the cybercriminalscontrol servers. The collected data is later used to access bank accounts and steal funds. If accounts are protected by two-factor authentication, Xenomorph is able to intercept SMS notifications and extract the necessary codes from them.

Contudo, the most annoying thing in this situation is that Xenomorph is distributed through malicious applications in the onde posou como um leitor de código QR and is delivered as a payload during the second stage of infection.

The surfacing of Xenomorph shows, once again, that threat actors are focusing their attention on landing applications on official markets. This is also a signal that the underground market for droppers and distribution actors has increased its activity.ThreatFabric specialists explain.

Xenomorfo na Google Play Store

Até aqui, experts have found only one application distributing XenomorphLimpador Rápido, which was installed on more than 50,000 devices before being removed from the Google Play Store. The application contained the Gymdrop dropper, which successfully passed all Google checks, and after downloading to the victim’s device, it downloaded and installed more powerful malware – descoberto em janeiro.

Although analysts write that Xenomorph is still at the development stage, but it already poses a serious threat, from which and new attacks can definitely be expected in the future. além disso, there is an example of even more sly thingfake VulkanRT library Volexity pesquisadores de segurança cibernética, that in fact contain rootkit.

It is worth noting that the name Xenomorph arose for a reason: experts noticed many signs in the code that linked the malware to the old Estrangeiro banking trojan. assim, they decided to use a similar name, also inspired by the Alien movie series.

Você também pode estar interessado em saber que e seus ataques se tornaram muito mais intensos Telebots e essa Malware Android Malware Android Roaming Mantis tem como alvo usuários de Android e iPhone na Alemanha e França usando ataques de malware e phishing attacks European users.

Tag
Helga Smithfevereiro 23, 2022Última Actualização Março 10, 2022
50 lido 1 minuto

Helga Smith

Sempre me interessei por ciências da computação, especialmente segurança de dados e o tema, que é chamado hoje em dia "ciência de dados", desde minha adolescência. Antes de entrar na equipe de remoção de vírus como editor-chefe, Trabalhei como especialista em segurança cibernética em várias empresas, incluindo um dos contratados da Amazon. Outra experiencia: Eu tenho é professor nas universidades Arden e Reading.

Deixe uma resposta

Este site usa Akismet para reduzir o spam. Saiba como seus dados comentário é processado.

Botão Voltar ao Topo