Security News > 2023 > March > Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant
A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal.
"This new version of the malware adds many new capabilities to an already feature-rich Android banker, most notably the introduction of a very extensive runtime engine powered by Accessibility services, which is used by actors to implement a complete ATS framework," the Dutch security firm said in a report shared with The Hacker News.
In contrast, the latest iteration of the banker - which has a dedicated website advertising its features - is designed to target more than 400 banking and financial institutions, including several cryptocurrency wallets.
Xenomorph, like banking malware, is known to abuse Accessibility Services to perform fraud through overlay attacks.
With banks moving away from SMS for two-factor authentication to authenticator apps, the Xenomorph trojan incorporates an ATS module that allows it to launch the app and extract the authenticator codes.
"With these new features, Xenomorph is now able to completely automate the whole fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android Malware trojans in circulation," the company said.
News URL
https://thehackernews.com/2023/03/xenomorph-android-banking-trojan.html
Related news
- PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users (source)
- Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (source)
- New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks (source)
- ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (source)