The Xenomorph banking trojan has made its way onto the Google Play Store according to sources. In recent cases, the trojan disguises itself as a productivity app and has been bypassing the security measures in place by the Play Store. European banks in countries such as Italy, Spain, Belgium, and Portugal have been a recent target of Xenomorph. As previously mentioned, the trojan aims to target banking credentials, however, it can also affect email services and crypto wallets. This variant has also been known to acquire multifactor authentication tokens transferred using SMS as well as a list of applications that are installed on the phone. After this information is obtained it is typically sent to a Command-and-Control (C2) server.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is