European banks get targeted by the Xenomorph trojan

March 7, 2022

Researchers discovered an Android banking trojan known as Xenomorph that infects targets by abusing an app in the Google Play Store. The trojan has targeted more than 50 banks across the European continent to gather victims' sensitive information.

According to researchers, the Xenomorph strain, which is still in development, overlaps with another banking trojan called Alien.

Furthermore, the trojan evades the Google Play Store's security protections by impersonating several production applications. Based on recent observations, the app most used by the threat actors is Fast Cleaner.

The threat operators bet on unaware individuals downloading and installing their compromised application. Although the Xenomorph trojan is a developing strain, it still infects many victims, since it uses overlays effectively and spreads through the app store.

The researchers also highlighted that the Xenomorph trojan has a modular engine that exploits accessibility services, giving the threat actors advanced capabilities.


The Xenomorph trojan injects overlay screens on top of the targeted apps, which belong to institutions in Portugal, Belgium, Spain, and Italy. In addition, the trojan targets cryptocurrency wallets and email services.


It also has a notification interception functionality to capture incoming 2FA tokens. This functionality is critical since 2FA tokens are one-time codes received through SMS or email. If the threat actors successfully intercept a 2FA token, they can access any account that corresponds to the one-time password.

The threat actors then exfiltrate the results to a remote command-and-control server.

The Xenomorph operators focus on landing applications on verified markets such as the Google Play Store to increase their infection rate. Today, the banking trojan is still developing and could soon evolve into a more advanced threat.

Most experts suggest that users install an anti-malware application on their smartphones that can monitor any app's behaviour after installation.
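A post-installation check a defender can run for the two capabilities described above (accessibility-service abuse and notification interception), as an added example that is not from the researchers' report. It parses the colon-separated component lists that Android stores in the `enabled_accessibility_services` and `enabled_notification_listeners` secure settings; the sample values, the `com.example.*` package names and the allowlist are constructed, and treating notification-listener access as the interception channel is an assumption.

```python
"""Added example: flag apps that hold the sensitive Android grants discussed above."""

# Constructed sample values in the "package/class:package/class" format printed by
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure enabled_notification_listeners
# The com.example.* packages are made up for illustration.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fastcleaner/com.example.fastcleaner.CleanService"
)
SAMPLE_NOTIFICATION = (
    "com.example.fastcleaner/com.example.fastcleaner.NotifListener:"
    "com.example.smartwatch/.CompanionListener"
)
# Assumption: the device owner or organisation maintains its own allowlist.
ALLOWLIST = {"com.google.android.marvin.talkback"}


def parse_components(raw):
    """Return the set of package names in a secure-settings component list."""
    packages = set()
    for entry in raw.strip().split(":"):
        entry = entry.strip()
        if not entry or entry == "null":  # an unset key prints "null"
            continue
        packages.add(entry.split("/", 1)[0])
    return packages


def audit(accessibility_raw, notification_raw, allowlist=frozenset()):
    """Classify non-allowlisted packages by which sensitive grants they hold."""
    acc = parse_components(accessibility_raw) - set(allowlist)
    notif = parse_components(notification_raw) - set(allowlist)
    findings = {}
    for pkg in sorted(acc | notif):
        if pkg in acc and pkg in notif:
            findings[pkg] = "HIGH: accessibility + notification access"
        elif pkg in acc:
            findings[pkg] = "REVIEW: accessibility service"
        else:
            findings[pkg] = "REVIEW: notification listener"
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_ACCESSIBILITY, SAMPLE_NOTIFICATION, ALLOWLIST)
    for pkg, verdict in results.items():
        print(f"{pkg}: {verdict}")
```

A utility app such as a cleaner that holds both grants is the combination worth investigating first, since neither is needed for its stated purpose.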
