SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission. Learn more.

Xenomorph is the latest banking malware discovered in Play Store apps


Last updated: February 24th, 2022 at 17:08 UTC+02:00

The open-source nature of the Android ecosystem is very fruitful for both the developers and the users. However, this open-source nature has often been an issue for security. It lets hackers get a bit more creative in creating different malware. Infected apps are removed from the Play Store on a regular basis.

Now, Threat Fabric has confirmed the presence of a new banking trojan called Xenomorph. This Xenomorph banking trojan has been targeting Android users across Europe. Going by reports related to this trojan, it is a pretty scary one. Based on the information at hand, Xenomorph has infected users of over 56 different European banks.

The report also confirms that the malware has seen 50,000 installations from the Google Play Store. Notably, this Xenomorph malware was injected inside an app called Fast Cleaner. This app was masked to clean up the junk in your device and improve battery efficiency. But the main aim of the app was to feed your data to the malware.

Xenomorph trojan belongs to the same Gymdrop dropper family that deployed  the Alien trojan

Upon investigation, Threat Fabric found out that this Xenomorph banking trojan is from the Gymdrop dropper family. Apparently, this is the same dropper family that Threat Fabric discovered delivering a trojan dubbed Alien back in November 2021. For the unaware, droppers are programs that are designed to pull codes from some source and deploy them onto your device.

With the Fast Cleaner app, Xenomorph can get access to your login credentials for online banking apps. It monitors your activity and injects an overlay, similar to the original app. You may think that you are working directly with your banking app. In reality, you are giving your account information to this banking trojan.

It seems like Xenomorph is still in its early stages. But Threat Fabric reports that banks from Spain, Portugal, Italy, and Belgium, along with some crypto wallets and email apps, are infected with this trojan.

Join SamMobile’s Telegram group and subscribe to our YouTube channel to get instant news updates and in-depth reviews of Samsung devices. You can also subscribe to get updates from us on Google News and follow us on Twitter.

General MalwareTrojan
Load 0 comments

You might also like