Inside the Shell: Xenomorph’s Core Functionality

“The Accessibility engine powering this malware, together with the infrastructure and command-and-control (C2) protocol, are carefully designed to be scalable and updatable,” the researchers warned in a Monday posting.

“The information stored by the logging capability of this malware is very extensive, and if sent back to the C2 server, could be used to implement keylogging, as well as collecting behavioral data on victims and on installed applications, even if they are not part of the list of targets.”

That advanced functionality is not yet implemented, so the researchers consider Xenomorph still under development. However, they noted that it’s already making a mark on the banking trojan front: “Xenomorph is already sporting effective overlays and being actively distributed on official app stores.”

It also uses SMS and notification interception to log and use potential two-factor authentication (2FA) tokens, according to ThreatFabric. And, they added, “It would be unsurprising to see this bot sport semi-automatic transfer system (ATS) capabilities in the very near future.” ATS is the process of automatically initiating wire transfers from victims without needing to use credentials, thus bypassing 2FA and all anti-fraud measures.

ThreatFabric observed the malware being loaded by a dropper hiding in a Google Play application called “Fast Cleaner” (since reported to Google). Sporting 50,000 installations, it purported to remove unused clutter and battery-optimization blocks for better device processing times. “This is not an uncommon lure, and we have seen malware families like Vultur and Alien being deployed by such application,” the researchers said.