Xenomorph Malware Burrows into Google Play Users, No Facehugger Required

An Android trojan dubbed Xenomorph has nested in Google Play, already racking up more than 50,000 downloads from the official app store, researchers warned.
The malware is also a flexible, modular banking trojan, which has code overlaps and other ties to the Alien malware - hence the name.
ThreatFabric observed the malware being loaded by a dropper hiding in a Google Play application called "Fast Cleaner".
Xenomorph periodically polls for new commands from the C2. For now, the commands allow the malware to log SMS messages, list the web injects sent by the C2, enable or disable intercept notifications, and enumerate installed apps.
ThreatFabric's analysis uncovered evidence of code reuse that links Xenomorph to the known Alien malware, which is a descendant of the infamous Cerberus malware.
"Modern banking malware is evolving at a very fast rate, and criminals are starting to adopt more refined development practices to support future updates," researchers concluded.
News URL
https://threatpost.com/xenomorph-malware-google-play-facehugger/178563/