Android users need to double-check their phone to ensure they haven’t downloaded a dangerous app found on the Google Play Store. Security experts are warning of an entirely new piece of malware – dubbed Xenomorph – that has been mistakenly downloaded onto thousands of devices. The malware, named after the alien in the iconic Alien film series starring Sigourney Weaver, is designed to steal the login details for online banking accounts.
Worse still, this strain of Android malware has been specifically designed to focus on victims in Europe. According to research from ThreatFabric, the newly-unearthed Android malware is targeting apps of major European banks such as Santander, as well as other financial apps like PayPal and cryptocurrency exchanges.
Xenomorph was first discovered in an application called Fast Cleaner, which was available via the Google Play Store – the official marketplace for apps, games, films, and ebooks for Android users.
The app, downloaded more than 50,000 times, claimed to help improve the performance of an Android device by removing clutter and taking away battery optimisation blocks in order to help speed up a phone.
However, the app was actually being used to spread the Xenomorph malware, which was capable of displaying overlay screens on financial apps in order to steal crucial login details.
If these usernames and passwords fall into the wrong hands, victims’ accounts could be emptied by bad actors. The newly-discovered malware was named Xenomorph as it shares similarities with another banking trojan called Alien, which has also been used to steal login details for financial apps.
Speaking about the newly discovered threat, ThreatFabric said: “Based on the intelligence gathered, users of 56 different European banks are among the targets of this new Android malware trojan, distributed on the official Google Play Store, with more than 50.000 installations.
“Just like the monster protagonist of the famous Ridley Scott’s franchise, this malware shares some aspects with its predecessor. However, despite its obvious ties to one of the most wide-spread malware of the last two years, Xenomorph is radically different from Alien in functionalities.
“This fact, in addition to the presence of not implemented features and the large amount of logging present on the malware, may suggest that this malware might be the in-progress new project of either the actors responsible with the original Alien, or at least of someone familiar with its code base.”
ThreatFabric first discovered the Xenomorph malware this month, so this latest malware campaign looks to be in its infancy.
Since ThreatFabric’s findings were published, Google has removed the Fast Cleaner app, which was being used to spread Xenomorph, from the Play Store. So far, the Xenomorph malware has targeted Android users in Spain, Germany, Portugal and Italy.
As of yet, Android users in the UK haven’t been targeted – but with Xenomorph having only just been discovered, it remains to be seen whether any future releases or versions could end up targeting users in Blighty.
Published at Wed, 23 Feb 2022 18:36:23 +0000