"Cryptocurrency Wallets Targeted by Alien Malware Variant"

Xenomorph is a new banking Trojan that has targeted 56 European banks. It is connected to the Alien Trojan family and was discovered being distributed via the Google Play Store, where the malicious app had over 50,000 installations. According to researchers, Xenomorph is significantly different from its predecessor, but it is suspected of having been developed by the same actor or by someone familiar with its code. Although Xenomorph remains active in targeting banks, it now also has the capability to target cryptocurrency wallets.

As with many other Android banking Trojans, Xenomorph's primary attack vector is an overlay attack, in which the attacker places a window over a running app to trick victims into revealing Personally Identifiable Information (PII). The developers of Xenomorph combined this feature with SMS and call interception, enabling them to log and use two-factor authentication tokens. The researchers say the app constantly requests Accessibility Services privileges until the user grants them. The Accessibility engine that powers this malware, together with its infrastructure and C2 protocol, was found to be designed to be scalable and updatable.

The researchers found that the Fast Cleaner application, presented as a speed-boosting app for clearing storage space, belonged to the GymDrop family, which was previously seen deploying an Alien A payload. The threat actor can spy on a user and collect additional data using keystroke logging capabilities. ThreatFabric said the alleged designer took credit for the Alien variant in a darknet forum. Alien, a popular choice among threat actors looking for tools to deploy Malware-as-a-Service (MaaS) campaigns, seems to be a spin-off of the now inactive Cerberus malware. Alien has many capabilities similar to those of Xenomorph, such as keystroke logging, push notifications, the ability to hide what the app is doing, and more. This article continues to discuss findings surrounding Xenomorph, the Alien Android family, and the circumvention of authentic app stores to launch attacks.

BankInfoSecurity reports "Cryptocurrency Wallets Targeted by Alien Malware Variant"
