The Xenomorph Android malware has added new capabilities to steal information from over 400 banks, including Chase, Citibank, and American Express.
The malware's app has been downloaded over 50,000 times in the Google Play Store.
- The malware, first tracked in early 2022, has evolved quickly from being able to target a little over 50 banks to now stealing information from more than 400.
- According to researchers, Xenomorph is now among the most dangerous Android malware due to its ability to automate the entire fraud chain.
- What makes it stand out is its ability to defeat not only SMS-based authentication but also application-based authentication.
- The malware can target financial institutions such as:
  - Chase
  - Citibank
  - American Express
  - ING
  - HSBC
  - Deutsche Bank
  - Wells Fargo
  - Amex
  - Citi
  - BNP
  - UniCredit
  - National Bank of Canada, etc.
- The malware can also breach several popular cryptocurrency wallets such as Binance, Coinbase, Gemini, etc.
- The new Xenomorph variant also includes a cookie stealer.
- The stealer launches a browser window with the URL of a legitimate service with the JavaScript interface enabled, tricking the victim into entering their login details.
- The threat actors then steal the cookie and hijack the victim's web browsing session.
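
A triage check for the cookie-stealing pattern described above, as an added example that is not from the original article or the researchers: it flags decompiled Java in which one source enables JavaScript in a WebView, registers a JavaScript interface, and reads cookies. The mapping of that behaviour to these Android API calls, the function names and both sample sources are assumptions constructed for illustration.

```python
import re

# Assumed mapping from the described behaviour to Android framework calls.
INDICATORS = {
    "js_enabled": re.compile(r"setJavaScriptEnabled\s*\(\s*true\s*\)"),
    "js_interface": re.compile(r"addJavascriptInterface\s*\("),
    "cookie_read": re.compile(r"CookieManager\b[^;]*?\bgetCookie\s*\("),
}

# Matches string literals first so "//" inside a URL is not taken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def strip_comments(src):
    """Drop // and /* */ comments, keep string literals untouched."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else " ", src)

def triage(src):
    """Return matched indicators; flag only when all three occur together."""
    code = strip_comments(src)
    hits = {name for name, rx in INDICATORS.items() if rx.search(code)}
    # Each call alone is common in benign apps; the combination merits review.
    return {"hits": sorted(hits), "flag": hits == set(INDICATORS)}

# Constructed sample: WebView with a JS bridge whose cookies are then read.
SUSPECT = '''
WebView w = new WebView(ctx);
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl("https://login.example.com/");
String c = CookieManager.getInstance().getCookie("https://login.example.com/");
'''

# Constructed sample: the bridge call survives only inside a comment.
BENIGN = '''
WebView w = new WebView(ctx);
w.getSettings().setJavaScriptEnabled(true);
// legacy: w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl("https://help.example.com/");
'''

if __name__ == "__main__":
    for name, src in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, triage(src))
```

A flag here is a prompt for manual review of the app, not a verdict, since legitimate hybrid apps can use the same three calls.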