The Xenomorph banking trojan has made its way onto the Google Play Store according to sources. In recent cases, the trojan disguises itself as a productivity app and has been bypassing the security measures in place by the Play Store. European banks in countries such as Italy, Spain, Belgium, and Portugal have been a recent target of Xenomorph. As previously mentioned, the trojan aims to target banking credentials, however, it can also affect email services and crypto wallets. This variant has also been known to acquire multifactor authentication tokens transferred using SMS as well as a list of applications that are installed on the phone. After this information is obtained it is typically sent to a Command-and-Control (C2) server.
Analyst Notes
The Xenomorph trojan is still being developed, so more configurations are likely to come in the future. Those that use the Google Play Store should be cautious about the apps they download and for applications that do get downloaded, their behavior should be monitored. Android users should also consider an anti-malware app to help protect them from malicious applications like Xenomorph.
https://cyware.com/news/xenomorph-trojan-spreading-via-play-store-to-target-european-banks-11f4599e
