A new Android threat called Alien Malware or Alien RAT, which appears to have ties to the Cerberus banking malware, has been seen stealing credentials from a target list of around 226 mobile applications. Many of these mobile applications included those for banks around the world such as BBVA Spain and Bank of America. Alien is being sold on criminal forums by a threat actor known as “-ring0-“ using an account that has only posted about 24 times over the past year. The capabilities of this RAT are quite powerful—it has the ability to get around two-factor authentication (2FA) by stealing codes from Google Authenticator and intercepting text messages, and also it can take advantage of the TeamViewer application to completely take over the infected device. Its complete list of features shows the Alien has the ability to carry out 24 functions. When attempting to differentiate between Cerberus and Alien, researchers discovered Alien was implemented separately and used different endpoints. A complete list of the targets and some of the samples seen in the wild can be found here: https://www.threatfabric.com/blogs/alien_the_story_of_cerberus_demise.html