Xenomorph Android malware now steals data from 400 banks


A new version of the Xenomorph Android malware has been released, adding significant capabilities for conducting malicious attacks, including a new automated transfer system (ATS) framework and the ability to steal credentials for 400 banks.


ThreatFabric first spotted Xenomorph in February 2022, when it discovered the first version of the banking trojan on the Google Play store, where it amassed over 50,000 downloads.


That first version targeted 56 European banks using injections for overlay attacks and abused Accessibility Services permissions to perform notification interception to steal one-time codes.


Development of the malware continued throughout 2022 by its authors, “Hadoken Security,” but its newer releases were never distributed in high volumes.


Instead, Xenomorph v2, which was released in June 2022, only had short bursts of testing activity in the wild. However, the second version was notable for its complete code overhaul, which made it more modular and flexible.


Xenomorph v3 is far more capable and mature than the previous versions, able to automatically steal data, including credentials and account balances, perform banking transactions, and finalize fund transfers.


"With these new features, Xenomorph is now able to completely automate the whole fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android Malware trojans in circulation," warns ThreatFabric.


ThreatFabric reports that it’s likely Hadoken plans to sell Xenomorph to operators via a MaaS (malware as a service) platform, and the launch of a website promoting the new version of the malware strengthens this hypothesis.



Website promoting Xenomorph v3 (ThreatFabric)

Currently, Xenomorph v3 is being distrib ..
