A new Android banking trojan with over 50,000 installations has been observed being distributed via the official Google Play Store with the goal of targeting 56 European banks and harvesting sensitive information from compromised devices. Dubbed Xenomorph by Dutch security firm ThreatFabric, the in-development malware is said to share overlapping features with another banking trojan tracked under the moniker Alien while also being “radically different” from its predecessor in terms of the functionalities offered. “Despite being a work-in-progress, Xenomorph is already sporting effective overlays and being actively distributed on official app stores,” ThreatFabric’s founder and CEO, Han Sahin, said. “In addition, it features a very detailed and modular engine to abuse accessibility services, which in the future could power very advanced capabilities, like ATS.”
Some Android malware is distributed through malicious apps in the Google Play Store. Even though the app is in the official store does not mean it is safe and has no malicious functionality. Be careful to only install apps that are really needed and have a good reputation, especially if the Android device will be brought to workplaces that could be targeted by threat actors.