Banks & Crypto being Hacked by Xenomorph Android Spyware

Security researchers have uncovered a new campaign that targets Android users in the US, Canada, Belgium, Spain, Italy, and Portugal with a new strain of the Xenomorph malware.

Analysts at ThreatFabric, a cybersecurity company, have been monitoring Xenomorph activity since February 2022. They observed that the latest campaign began in mid-August.

The most recent version of Xenomorph targets several U.S. financial organizations and bitcoin wallet users.

Xenomorph made its public debut early in 2022 as a banking malware that used screen overlay phishing to target 56 European banks. It was distributed through Google Play, where it had more than 50,000 installs.

The malware’s creators, “Hadoken Security,” continued to work on it and issued an updated version in June 2022 that was more versatile and modular.

By that point, Xenomorph had already been classified as a “major threat” and was among Zimperium’s top 10 banking trojans.

ThreatFabric revealed in August 2022 that Xenomorph was being spread with a brand-new dropper called “BugDrop,” which bypassed Android 13’s security safeguards.

The same analysts released a report in December 2022 on a new malware distribution mechanism known as “Zombinder,” which embedded the threat inside the APK files of legitimate Android apps.

Most recently, in March 2023, Hadoken released the third major version of Xenomorph. It included the ability to target over 400 banks, an automated transfer system (ATS) for autonomous on-device transactions, MFA bypass, and cookie theft.
