Xenomorph Android malware now steals data from 400 banks (March 2023)
A new version of the Xenomorph Android malware has been released that adds significant capabilities for conducting malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks.
"With these new features, Xenomorph is now able to completely automate the whole fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android Malware trojans in circulation," warns ThreatFabric.
Currently, Xenomorph v3 is being distributed via the 'Zombinder' platform on the Google Play store, posing as a currency converter and switching to a Play Protect icon after installing the malicious payload.
The most notable feature introduced in the new Xenomorph version is the ATS framework, which enables cybercriminals to extract credentials automatically, check account balances, conduct transactions, and steal money from target apps without performing remote actions.
In addition to the above, the new Xenomorph features a cookies stealer that can snatch cookies from the Android CookieManager, which stores the user's session cookies.
Xenomorph was a notable new malware entering the cybercrime space a year ago.