A new variant of the Android banking trojan named Xenomorph has been detected in the wild, according to the latest findings from ThreatFabric. Dubbed “Xenomorph 3rd generation” by the Hadoken Security Group, the threat actor behind the operation, the updated version comes with new features that allow it to perform financial fraud in a seamless manner. Xenomorph is designed to target more than 400 banking and financial institutions, including several cryptocurrency wallets. The malicious code is distributed through Discord’s Content Delivery Network (CDN) and is delivered via trojanized versions of legitimate apps. The threat actor can abuse Accessibility Services to perform fraud through overlay attacks, allowing them to automate the whole fraud chain from infection to funds exfiltration.
Android users must take extra precautions to protect their devices from such threats. Installing a reliable anti-malware solution, avoiding suspicious links and apps, and being wary of emails and SMS messages containing malicious attachments are some of the key steps that can help mitigate the risk of infection. Furthermore, users should regularly update their devices with the latest security patches and always check the reviews and ratings of any app they download. By following these basic security measures, users can protect themselves from malicious attacks such as the Xenomorph trojan.