Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Xenomorph Trojan Targets European Banks by Way of Google Play Store

The Xenomorph banking trojan has made its way onto the Google Play Store according to sources. In recent cases, the trojan disguises itself as a productivity app and has been bypassing the security measures in place by the Play Store. European banks in countries such as Italy, Spain, Belgium, and Portugal have been a recent target of Xenomorph. As previously mentioned, the trojan aims to target banking credentials, however, it can also affect email services and crypto wallets. This variant has also been known to acquire multifactor authentication tokens transferred using SMS as well as a list of applications that are installed on the phone. After this information is obtained it is typically sent to a Command-and-Control (C2) server.

Analyst Notes

The Xenomorph trojan is still being developed, so more configurations are likely to come in the future. Those that use the Google Play Store should be cautious about the apps they download and for applications that do get downloaded, their behavior should be monitored. Android users should also consider an anti-malware app to help protect them from malicious applications like Xenomorph.

https://cyware.com/news/xenomorph-trojan-spreading-via-play-store-to-target-european-banks-11f4599e