A new Android banking trojan with more than 50,000 downloads has been identified, targeting 56 European banks. The malware, developed to collect sensitive information from infected devices, is distributed through the Google Play Store. ThreatFabric security researchers named the malware Xenomorph; it shows features similar to those of the Alien Android banking trojan.
Xenomorph poses as a “Fast Cleaner” productivity app that claims to speed up the device by removing unused files. The malware is currently under development and has the capabilities of a modern Android banking trojan. Its primary attack vector includes enhanced functionality for extracting two-factor authentication (2FA) tokens received via SMS or notifications.
Xenomorph also targets Android users in Spain, Portugal, Italy, and Belgium by manipulating certain apps such as e-mail services and cryptocurrency wallets. To avoid being affected by similar campaigns, Android users are advised to download applications only from official and reliable sources, check the permissions an application requests before installing it, and use anti-virus / anti-malware solutions. In addition, it is crucial to block the IoCs related to this malware in the security solutions in use.