Xenomorph Malware Burrows into Google Play Users, No Facehugger Required
2022-02-22 18:00

An Android trojan dubbed Xenomorph has nested in Google Play, already racking up more than 50,000 downloads from the official app store, researchers warned.

The malware is also a flexible, modular banking trojan, which has code overlaps and other ties to the Alien malware - hence the name.

ThreatFabric observed the malware being loaded by a dropper hiding in a Google Play application called "Fast Cleaner".

Xenomorph periodically polls for new commands from the C2. For now, the commands allow the malware to log SMS messages, list the web injects sent by the C2, enable or disable intercept notifications, and enumerate installed apps.

ThreatFabric's analysis uncovered evidence of code reuse that links Xenomorph to the known Alien malware, which is a descendant of the infamous Cerberus malware.

"Modern banking malware is evolving at a very fast rate, and criminals are starting to adopt more refined development practices to support future updates," researchers concluded.


News URL

https://threatpost.com/xenomorph-malware-google-play-facehugger/178563/

Related vendor

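| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|----------|------------|-----|--------|------|----------|-------------|
| Google |          | 141        | 995 | 4921   | 2871 | 1623     | 10410       |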