
ThreatFabric experts discovered a new banking Trojan, Xenomorph, on the Google Play Store (the official Android app store) that attacks users from Spain, Portugal, Italy and Belgium.

The researchers describe the malware as a classic banker that infects Android devices, requests the rights to use the Accessibility service, and then uses them to display fake login screens, overlaying them on top of real banking applications.

Currently, Xenomorph can display such overlays for 56 banks in Spain, Portugal, Italy and Belgium, as well as 12 cryptocurrency wallets and 7 email applications.


In addition, the malware collects other data about the device and transfers everything it gathers to the cybercriminals' control servers. The collected data is later used to access bank accounts and steal funds. If accounts are protected by two-factor authentication, Xenomorph is able to intercept SMS notifications and extract the necessary codes from them.

However, the most annoying thing in this situation is that Xenomorph is distributed through malicious applications in the Google Play Store and is delivered as a payload during the second stage of infection.

"The surfacing of Xenomorph shows, once again, that threat actors are focusing their attention on landing applications on official markets. This is also a signal that the underground market for droppers and distribution actors has increased its activity," ThreatFabric specialists explain.


So far, experts have found only one application distributing Xenomorph: Fast Cleaner, which was installed on more than 50,000 devices before being removed from the Google Play Store. The application contained the Gymdrop dropper, which successfully passed all Google checks; after being downloaded to the victim's device, it downloaded and installed more powerful malware: Xenomorph.
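The behaviours described above (an Accessibility service for overlays, access to one-time codes, and a dropper that installs a second stage) leave traces in an app's manifest. The following is an added defensive triage example, not code from ThreatFabric or from the malware; it assumes the manifest has already been decoded to text XML (for example with apktool), and the permission combination it flags is an assumption derived from the article's description, not a published Xenomorph indicator.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
BIND_NOTIF = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"

# Constructed sample (not taken from any real app): a "cleaner" utility
# whose manifest combines all three capabilities.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return the risky capabilities declared in a decoded AndroidManifest.xml."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        # Manifests never need a DTD; refuse it to avoid entity-expansion tricks.
        raise ValueError("unexpected DTD in manifest")
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    bound = {}  # permission guarding a service -> names of services using it
    for svc in root.iter("service"):
        bound.setdefault(svc.get(A + "permission"), []).append(svc.get(A + "name"))
    findings = {
        "accessibility_service": bound.get(BIND_A11Y, []),
        "notification_listener": bound.get(BIND_NOTIF, []),
        "sms_access": sorted(perms & SMS_PERMS),
        "can_install_packages": INSTALL_PERM in perms,  # dropper-style capability
    }
    reads_codes = bool(findings["sms_access"] or findings["notification_listener"])
    # Heuristic: Accessibility service plus a way to read one-time codes.
    findings["banker_pattern"] = bool(findings["accessibility_service"]) and reads_codes
    return findings


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

A hit is a reason for manual review rather than a verdict, since legitimate assistive and messaging apps can declare the same capabilities.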

Although analysts write that Xenomorph is still at the development stage, it already poses a serious threat, and new attacks can definitely be expected in the future. Moreover, there is an example of an even sneakier thing: a fake VulkanRT library, recently compromised during a cyber-espionage campaign, that in fact contains a rootkit.

It is worth noting that the name Xenomorph arose for a reason: experts noticed many signs in the code that linked the malware to the old Alien banking trojan. So, they decided to use a similar name, also inspired by the Alien movie series.


Helga Smith
