Experts Warn Users To Hide Banking Apps And Crypto Wallets As Dangerous Android Malware On The Rise

A dangerous strain of Android malware is on the rise, and cybersecurity experts are warning users to hide all kinds of banking applications, including crypto wallets.

The news has plenty of people talking: the notorious Xenomorph Android malware is back, stronger and equipped with tools to target more than it was capable of in the past.

Alarm bells are ringing so that users don't fall victim to a campaign that manages to take more than money without anyone noticing.

The report comes from experts at ThreatFabric, who have been monitoring the situation for quite some time, including since the start of last year. They describe a new campaign that targets users in Italy, the US, Belgium, Canada, Spain, and Portugal.

The infection chain is much like the one seen in earlier Xenomorph campaigns. The report describes how attackers roll out phishing pages that warn victims that their Chrome browser needs to be updated. Shortly after that, a malicious APK is delivered to the endpoint.

The report also outlines how the malware works and how victims who take the bait end up installing APKs carrying the newest Xenomorph variant. That variant can not only steal funds from several banks but can also take hold of several wallets.

The malware does this by placing overlays on top of legitimate applications. This time, Xenomorph arrives with close to 100 kinds of overlays, and the overlay it selects is matched to the particular demographic being targeted.

The new campaign goes further by targeting leading financial institutions across the US, alongside several crypto-wallet apps. In total, each sample is directed at nearly 100 kinds of targets. Each one is carefully curated to steal valuable PII from the victim's infected phone.

All of this is detailed in the technical write-up by the experts, who continue to analyze the situation.

Over the years, Xenomorph has gone through many changes, and the latest variant arrives with more new features. At the top of the list is a way to imitate real applications and to act in a manner similar to a screen tap. It also keeps infected smartphones from turning their screens off by making sure an active alert is visible at all times.

This Android malware first appeared in 2022, when it targeted users of 56 banks across the European region.

At that time it was distributed through Google Play, where it was installed approximately 50,000 times. Google removed it, but it was then deployed through a dropper.

