Creepy-sounding Xenomorph banking trojan is just the latest to be discovered in Play Store apps


Nuke this menace from orbit or it’s game over, man, game over

The Android app ecosystem gives developers leeway for creativity, but the trade-off is that hackers also get creative with malware. These dangerous apps can end up in Google’s Play Store and aren’t always removed as quickly as we’d hope, often through clever concealment. The most recent example is the Xenomorph banking trojan, which targets Android users across Europe.


Hidden Xenomorph in Play Store

As discovered by Threat Fabric, a dropper malware was hiding inside Fast Cleaner, an app that was supposed to be a solution to get rid of digital clutter and increase battery efficiency. Hiding code like this in a seemingly normal application is a common way to hide malware.


Droppers are programs designed to grab code from elsewhere and load it onto your device, and in this case the dropper was previously known to Threat Fabric for delivering another banking trojan dubbed Alien – between that and other similarities with Alien’s code, it only seemed appropriate for the company to name this latest Trojan Xenomorph.

The malware is still relatively new, but researchers have determined that it begins with an overlay attack – that is, when a bad application places a window on top to hide a legitimate one. Thinking everything is fine, users are then tricked into interacting with the overlay, which ends up giving their data to the malware. It’s a pretty sneaky way to steal a host of vulnerable data like login credentials for online banking apps. Once Xenomorph is launched, it monitors your activity and when you open any app on its target list, it injects this overlay with its fake interface that makes you think you are working directly with your bank. Threat Fabric reports that this list contains names of banks in Spain, Portugal, Italy, and Belgium in addition to some crypto wallets and messaging apps.

It looks like Xenomorph is still in an early stage of development, though Threat Fabric fears it has “a lot of untapped potential.” If you have installed the Fast Cleaner app – it has been downloaded over 50,000 times, many people are concerned – your device is not in very good condition. The malware contains features designed to prevent deletion attempts, so you may be forced to wipe your phone completely. Where is a good cleaning app when you need it?

How to use a VPN through the Google One app

Secure your browsing

Read more

About the Author


About Author

Comments are closed.