Subj : This super-dangerous Android malware has returned to target US sh
To   : All
From : TechnologyDaily
Date : Tue Sep 26 2023 20:45:04

This super-dangerous Android malware has returned to target US shoppers and 
bankers

Date:
Tue, 26 Sep 2023 19:21:55 +0000

Description:
Hide your banking apps, hide your crypto wallets, because Xenomorph is coming 
for everything.

FULL STORY
======================================================================

The infamous Xenomorph Android malware is back with new tools, and ready to 
steal more than just money from unsuspecting victims, experts have warned. 

Cybersecurity researchers ThreatFabric, which has been monitoring the malware 
since early 2022, there is a new campaign active at the moment, targeting 
victims in the U.S., Canada, Spain, Italy, Portugal, and Belgium. 

The infection chain is similar to what weve seen from Xenomorph in the past - 
the attackers set up phishing pages, warning victims that their Chrome 
browser needs to be updated and then delivering the malicious APK to the 
endpoint. New distribution mechanism 

Those that take the bait and install the APK will get an advanced version of 
Xenomorph, capable of stealing money from numerous banks, as well as 
cryptocurrencies from different wallets. 

The malware does so by overlaying legitimate apps, and this time around, 
Xenomorph comes with approximately a hundred different overlays. The app 
chooses the right overlay, depending on the target demographic. 

"This latest campaign also added plenty of financial institutions from the 
United States, together with multiple crypto-wallet applications, totaling 
more than 100 different targets per sample, each one using a specifically 
crafted overlay to steal precious PII from the victim's infected device," the 
researchers said in their technical writeup. 

Xenomorph has endured countless changes throughout the years. The latest 
version comes with a couple of new features, including a way to mimic 
legitimate apps, simulating a tap on the screen, and making sure the 
smartphone doesnt switch its screen off by keeping active notifications on at 
times. 

The malware was first discovered in early 2022 when it was observed targeting 
users of 56 banks in Europe. Back then, it was being distributed via Google 
Play, and was downloaded more than 50,000 times. Since then, it was removed 
from Googles repository and deployed via a dropper called BugDrop. 

 Via BleepingComputer More from TechRadar Pro Top data breaches and cyber 
attacks of 2022 Here's a list of the best firewalls These are the best 
identity theft protection tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-super-dangerous-android-malware-ha
s-returned-to-target-us-shoppers-and-bankers


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.