Android alert: New malware targets 56 banking apps on Google Play Store

A new banking trojan malware has surfaced inside the Google Play Story, the platform used by Android users to download apps. The new Android malware has been dubbed as ‘Xenomorph’ by threat analysts at cybersecurity firm TheatFabric, who have detailed how the new malware is targeting customers of different banks. It has already been downloaded by more than 50,000 people in just a few weeks after surfacing this month.

The new malware steals usernames and passwords to get access to personal information and bank accounts of users. It has reportedly been found targeting 56 different European banks. As with such types of malwares on Android, the ‘Xenomorph’ banking trojan has bypassed the security and is not infiltrating smartphones through Google Plat Store apps.

The researchers identified one such app reportedly called the ‘Fast Cleaner’ which has become a window for the trojan to get into smartphones. The app which helps increase device performance by removing storage clutter has more than 50,000 downloads. This app has been delivering the malware.

In the beginning of February, ThreatFabric discovered #Xenomorph, a brand new Android malware family with ties to another infamous Android malware banking trojan.

Can you guess which one? ;)

Blog-post coming soon. Stay tuned! pic.twitter.com/fPbUEa151s

— ThreatFabric (@ThreatFabric) February 18, 2022

The malware uses fake overlays in place of the actual login screen on the banking apps of victims which enables it to procure usernames and passwords at the time of a login. Apps have been targeted from banks in countries like Italy, Belgium, Portugal and Spain. Apart from banking login pages, media reports suggest the trojan can achieve password theft from email ids, crypto wallets, intercepting text messages and app notifications.

Cybersecurity researchers believe the new malware is linked to an older one called Alien, which is similar in design. Their objective is to trick users into divulging access details by taking control of the smartphone or any other device. While the malware is still in early stages and not fully-developed in capabilities, researchers has stated that it could potentially target banks in more countries.

ThreatFabric has reportedly flagged the app to Google and suggested its removal from the Android Play Store. Technology news website ZDNet quoted a Google spokesperson in this regard, “The safety and security of users is our top priority, and if we discover an app that violates our policies, we take action.”