CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Malicious Google Play Store App Spotted Distributing Xenomorph Banking Trojan

admin by admin
November 12, 2022
in Information Security


Google has removed two new malicious dropper apps that have been detected on the Play Store for Android, one of which posed as a lifestyle app and was caught distributing the Xenomorph banking malware.

“Xenomorph is a trojan that steals credentials from banking applications on users’ devices,” Zscaler ThreatLabz researchers Himanshu Sharma and Viral Gandhi said in an analysis published Thursday.

“It is also capable of intercepting users’ SMS messages and notifications, enabling it to steal one-time passwords and multi-factor authentication requests.”

The cybersecurity firm said it also found an expense tracker app that exhibited similar behavior, but noted that it couldn’t extract the URL used to fetch the malware artifact.

Xenomorph Banking Trojan

The two malicious apps are as follows –

  • Todo: Day manager (com.todo.daymanager)
  • 経費キーパー (com.setprice.expenses)

Both the apps function as a dropper, meaning the apps themselves are harmless and are a conduit to retrieve the actual payload, which, in the case of Todo, is hosted on GitHub.

CyberSecurity

Xenomorph, first documented by ThreatFabric earlier this February, is known to abuse Android’s accessibility permissions to conduct overlay attacks, wherein fake login screens are presented atop legitimate bank apps to steal victim’s credentials.

What’s more, the malware leverages a Telegram channel’s description to decode and construct the command-and-control (C2) domain used to receive additional commands.

The development follows the discovery of four rogue apps on Google Play that were found directing victims to malicious websites as part of an adware and information-stealing campaign. Google told The Hacker News that it has since banned the developer.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Improve user security with UX design using these tips

Next Post

Initiateinnovationgovernance

Related Posts

Information Security

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

by admin
March 24, 2023
Information Security

Automate the deployment of an NGINX web service using Amazon ECS with TLS offload in CloudHSM

by admin
March 24, 2023
Information Security

AV-Comparatives Anti-Phishing Test | Avast

by admin
March 24, 2023
Information Security

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

by admin
March 23, 2023
Information Security

New Instagram scam uses fake SHEIN gift cards as lure

by admin
March 23, 2023
Next Post

Initiateinnovationgovernance

Recommended

Illuminatesilience

March 25, 2023

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

March 24, 2023

Automate the deployment of an NGINX web service using Amazon ECS with TLS offload in CloudHSM

March 24, 2023

AV-Comparatives Anti-Phishing Test | Avast

March 24, 2023

Innateniche

March 24, 2023

The Importance of Sustainable Technology

March 23, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.