Xenomorph Malware Resurfaces in New Campaign Targeting US Banks and Financial Institutions
Cybersecurity analysts have recently uncovered a resurgence of the Xenomorph malware in a new distribution campaign, expanding its reach to target over 30 US banks and various financial institutions worldwide. This malware, first detected in February 2022, is notorious for using deceptive phishing webpages that pose as Chrome updates to trick victims into downloading malicious APKs.
One of the standout features of Xenomorph is its use of overlays to capture personally identifiable information (PII), such as usernames and passwords. It also carries a sophisticated automated transfer system (ATS) engine that supports a wide range of actions and modules, making it highly adaptable to different scenarios.
The latest campaign has seen a geographical expansion, with a significant number of Xenomorph downloads recorded in Spain and the United States. This trend mirrors the broader shift among malware families to target new markets across the Atlantic.
In terms of technical capabilities, Xenomorph has introduced new features to its arsenal, including an anti-sleep function, a “mimic” mode to evade detection, and the ability to simulate touch actions. Its targets now span across Spain, Portugal, Italy, Canada, Belgium, multiple US financial institutions, and cryptocurrency wallets.
A concerning development is the observation of Xenomorph being distributed alongside powerful desktop stealers. This raises questions about potential connections between threat actors behind these malware variants or the possibility that Xenomorph is now being offered as a Malware-as-a-Service (MaaS) for use in conjunction with other malicious software families.
A recent advisory published by ThreatFabric notes that the resurgence of Xenomorph underscores the relentless efforts of cyber-criminals to maximize their profits. The advisory warns that Xenomorph remains an extremely dangerous Android banking malware with a versatile and powerful ATS engine, along with multiple modules designed to support various manufacturers’ devices.
Defenders looking to identify Xenomorph infections can consult the ThreatFabric advisory, which includes a detailed appendix with information for detection.
As the threat landscape continues to evolve, it is crucial for individuals and organizations to stay vigilant against such malicious campaigns targeting sensitive financial information. The resurgence of Xenomorph serves as a stark reminder of the ongoing battle against cyber threats in today’s digital world.