Banking malware known as Xenomorph, which was initially discovered in Europe, has now expanded its reach to other regions. Cybersecurity firm ThreatFabric has found that a new version of Xenomorph is targeting Android users in the US, Canada, Spain, Italy, Portugal, and Belgium. This malware aims to steal from people’s cryptocurrency wallets and gain access to American users’ accounts at various financial institutions.
Xenomorph first appeared in Europe, luring people through the Google Play store. Approximately 50,000 individuals fell victim to the malware. Over time, Xenomorph has become more relentless, with an August 2022 version even managing to bypass security measures in Android 13.
In March 2023, a version with the capability to carry out autonomous on-device transactions, steal cookies, and target over 400 banks was discovered. The creators of Xenomorph have invested considerable effort into developing actions specifically designed to take over Samsung and Xiaomi devices, as these are among the most popular Android smartphones.
The new version of Xenomorph employs deceptive tactics to trick Chrome users into downloading harmful software. It utilizes phishing pages to convince users that they need to update their internet browser, subsequently leading them to download malicious APKs. The malware then utilizes screen overlays to discreetly capture valuable information, including usernames, passwords, and credit card numbers. North American financial institutions and cryptocurrency apps are among the latest targets.
Despite people’s ability to recognize these ploys, the malware has already been downloaded thousands of times by users in Portugal, Spain, and the US. Xenomorph possesses the ability to simulate taps on a screen, allowing its operators to perform actions without detection.
If you encounter a prompt asking you to update your internet browser, it is advisable to avoid it. Such prompts are commonly used by malicious actors to capture the attention of their victims and trick them into downloading harmful content. Most individuals enable automatic updates in the Google Play store, ensuring that their apps, including Chrome, remain up to date. Stay vigilant and prioritize cybersecurity to protect yourself from evolving threats like Xenomorph.
