Android Banking Malware ‘Xenomorph’ May Have Impacted Thousands

Hotstar in UAE
Hotstar in UAE

One of the biggest challenges for Android users is staying on guard with the changing landscape of mobile security. While Google has made tremendous strides in curbing malware on the platform, cybercriminals are quick to adjust their method of attack. Security researchers have now uncovered a new banking malware hiding under an app known as “Fast Cleaner.”

The research comes via security firm ThreatFabric, which took a deep dive into the Fast Cleaner app. It had around 50,000 installs before it was taken down by Google.

“Based on the intelligence gathered, users of 56 different European banks are among the targets of this new Android malware trojan, distributed on the official Google Play Store, with more than 50.000 installations,” the research team said in a blog post (via Phone Arena).

ThreatFabric revealed that the Fast Cleaner app infects the Android device with a trojan designed to steal sensitive information from the user. This could include reading texts or notifications without the user ever knowing about it. The research team calls this new malware “Xenomorph,” adding that it has some similarities with the recent Alien banking trojan.

Researchers said that Xenomorph is a relatively new malware and not as advanced as the Alien trojan

Of course, nobody would willingly download a malicious app on their device. Users who downloaded the app went by its description, which says it is a “battery saver” and a “phone booster” app. If you still have this app on your Android smartphone, be sure to delete it right away.

Unfortunately, deleting the malicious app alone may not be sufficient. Users should also check their bank statements for any suspicious activity or contact the bank for any further clarification.

Given that there are several apps with similar-sounding names, it is nearly impossible to distinguish between the good and bad. As for the Fast Cleaner app, it was published on the Play Store by a developer known as “ilzeeva4.”

ThreatFabric’s report claims Xenomorph was still in its nascent stages when it was found. This suggests that it may not be as advanced as the Alien trojan. As the graph below shows, this app was mainly targeting users across Europe.

In terms of future measures, users should always double-check the apps they download. It’s also wise to go through the ratings and reviews on the Play Store or through other sources.

2022-02-23 15:07:43