ผู้เชี่ยวชาญค้นพบมัลแวร์ Xenomorph ใน Google Play Store
ThreatFabric experts ได้ค้นพบแล้ว a new Xenomorph banking Trojan on the Google Play Store (the official Android app store) that attacks users from Spain, Portugal, Italy and Belgium.
The researchers describe the malware as a classic banker that infects Android devices, requests the rights to use the Accessibility service, and then uses them to display fake login screens, overlaying them on top of real banking applications.
Currently, ซีโนมอร์ฟ can display such overlays for 56 banks in Spain, Portugal, Italy and Belgium, as well as 12 cryptocurrency wallets and 7 email apps.
นอกจากนี้, the malware collects other data about the device and transfers everything received to the cybercriminals’ control servers. The collected data is later used to access bank accounts and steal funds. If accounts are protected by two-factor authentication, Xenomorph is able to intercept SMS notifications and extract the necessary codes from them.
อย่างไรก็ตาม, the most annoying thing in this situation is that Xenomorph is distributed through malicious applications in the Google Play Store and is delivered as a payload during the second stage of infection.
จนถึงตอนนี้, experts have found only one application distributing Xenomorph – Fast Cleaner, which was installed on more than 50,000 devices before being removed from the Google Play Store. The application contained the Gymdrop dropper, which successfully passed all Google checks, and after downloading to the victim’s device, it downloaded and installed more powerful malware – ซีโนมอร์ฟ.
Although analysts write that Xenomorph is still at the development stage, but it already poses a serious threat, from which and new attacks can definitely be expected in the future. นอกจากนี้, there is an example of even more sly thing – fake VulkanRT library for Windows, that in fact contain rootkit.
คุณอาจสนใจที่จะรู้ว่า FritzFrog botnet is active again และนั่น Android malware Roaming Mantis attacks European users.
