Security News > 2022 > February > Xenomorph Malware Burrows into Google Play Users, No Facehugger Required
An Android trojan dubbed Xenomorph has nested in Google Play, already racking up more than 50,000 downloads from the official app store, researchers warned.
The malware is also a flexible, modular banking trojan, which has code overlaps and other ties to the Alien malware - hence the name.
ThreatFabric observed the malware being loaded by a dropper hiding in a Google Play application called "Fast Cleaner".
Xenomorph periodically polls for new commands from the C2. For now, the commands allow the malware to log SMS messages, list the web injects sent by the C2, enable or disable intercept notifications, and enumerate installed apps.
ThreatFabric's analysis uncovered evidence of code reuse that links Xenomorph to the known Alien malware, which is a descendent of the infamous Cerberus malware.
"Modern banking malware is evolving at a very fast rate, and criminals are starting to adopt more refined development practices to support future updates," researchers concluded.
News URL
https://threatpost.com/xenomorph-malware-google-play-facehugger/178563/
Related news
- Fake Trading Apps Target Victims Globally via Apple App Store and Google Play (source)
- ‘Pig butchering’ trading apps found on Google Play, App Store (source)
- Over 200 malicious apps on Google Play downloaded millions of times (source)
- Fake Google Meet conference errors push infostealing malware (source)