Xenomorph Android malware now steals data from 400 banks
A new version of the Xenomorph Android malware has been released, adding significant capabilities for conducting malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks.
"With these new features, Xenomorph is now able to completely automate the whole fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android Malware trojans in circulation," warns ThreatFabric.
Currently, Xenomorph v3 is being distributed via the 'Zombinder' platform on the Google Play store, posing as a currency converter and switching to using a Play Protect icon after installing the malicious payload.
The most notable feature introduced in the new Xenomorph version is the ATS framework, which enables cybercriminals to extract credentials automatically, check account balances, conduct transactions, and steal money from target apps without performing remote actions.
In addition to the above, the new Xenomorph features a cookies stealer that can snatch cookies from the Android CookieManager, which stores the user's session cookies.
Xenomorph was a notable new malware entering the cybercrime space a year ago.