![]() It then downloads the malicious Xenomorph banking trojan samples from Github. When the app is first opened, it reaches out to a Firebase server to get the stage/banking malware payload URL. ![]() ![]() This trojan was similarly embedded in apps on the Google Play store, and sourced its malware payload from the Github repo.īelow is the Xenomorph infection cycle once a user downloads an app and opens it. Xenomorph creates an overlay onto legit banking applications to trick users into entering their credentials.Ī similar infection cycle was observed three months ago with the Coper banking trojan. Once provided, it adds itself as a device admin and prevents users from disabling Device Admin, making it uninstallable from the phone. It starts with asking users to enable access permission. Our analysis found that the Xenomorph banking malware is dropped from GitHub as a fake Google Service application upon installation of the app. It is also capable of intercepting users’ SMS messages and notifications, enabling it to steal one-time passwords and multifactor authentication requests. Xenomorph is a trojan that steals credentials from banking applications on users’ devices. This is the latest in a disturbing string of hidden malware in the Google Play store: in the last 3 months, ThreatLabz has reported over 50+ apps resulting in 500k+ downloads, embedding such malware families as Joker, Harly, Coper, and Adfraud.įig no 1.Malware Installer From Play Store The app is “Todo: Day manager,” and has over 1,000 downloads. The Zscaler ThreatLabz team has recently discovered the Xenomorph banking trojan embedded in a Lifestyle app in the Google Play store.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |