The Xenomorph malware has re-emerged in a new distribution campaign and is expanding its scope to target more than 30 American banks together with various financial institutions worldwide.

Security analysts from ThreatFabric recently discovered this revival, which relies on misleading phishing web pages posing as a Chrome update to trick victims into downloading malicious APKs.

Xenomorph first came to the attention of researchers in February 2022. The malware is known to use screen overlays to capture personally identifiable information (PII) such as usernames and passwords. In particular, it has an advanced automated transfer system (ATS) engine that enables a wide range of actions and modules, which improves its adaptability.

The newest campaign has seen a geographical expansion, with thousands of Xenomorph downloads recorded in Spain and the United States, reflecting a broader trend among malware families to target new markets across the Atlantic.

In technical terms, Xenomorph has added new capabilities to its arsenal, including an anti-sleep function, a “Mimic” mode to evade detection and the ability to simulate touch actions. The malware's targets include Spain, Portugal, Italy, Canada, Belgium, numerous American financial institutions and cryptocurrency wallets.


Another notable development is the observation of Xenomorph being distributed alongside powerful desktop stealers, raising questions about potential connections between the threat actors behind these malware variants, or the possibility that Xenomorph is now being offered as Malware-as-a-Service (MaaS) for use alongside other malicious software.


According to an advisory published by ThreatFabric on Monday, this revival underlines the persistent efforts of cybercriminals to maximize their profit.

“Xenomorph is back after months of hiatus, and this time with distribution campaigns that are aimed at some regions that have been historically interesting for this family,” reads the technical description.

“Xenomorph maintains its status as an extremely dangerous Android banking malware, with a very versatile and powerful ATS engine, with several modules made with the idea of supporting the devices of multiple manufacturers.”

The threat advisory contains a detailed appendix with crucial information for identifying infections related to the Xenomorph malware.

Editorial Image Credit: Hi_Pictures / Shutterstock.com
