Xenomorph Android malware now targets U.S. banks and crypto wallets
www.threatfabric.com
- New Campaign and Targets: Security researchers found a new Xenomorph malware campaign aimed at Android users in multiple countries including the U.S. and Canada. It targets cryptocurrency wallets and various U.S. financial institutions.
- Evolution: Initially a banking trojan, Xenomorph has evolved to become more modular and flexible, with the ability to target over 400 banks. It also features an automated transfer system, MFA bypass, and cookie stealing.
- Distribution Methods: The malware is distributed via phishing pages and embedded in legitimate Android apps. A new dropper named "BugDrop" was introduced to bypass Android 13 security features.
- Enhanced Features: New functionalities include a "mimic" feature that allows it to act as another application, "ClickOnPoint" for simulating screen taps, and an "antisleep" system for prolonged engagement.
- Associated Threats: Collaboration with other potent Windows malware suggests the possibility of Malware-as-a-Service (MaaS). ThreatFabric analysts also discovered other malicious payloads like Medusa and Cabassous during their investigation.
Comments 3