Security experts warn of a new banking Trojan bearing the name xenomorph. It hides in the Google Play Store and reaches the smartphones of its victims by downloading applications. His goal is to steal bank data. xenomorph It’s not the only malware that has made the Play Store unsafe recently. Learn more about threats and how you can protect yourself from them, for example through preventive measures or password management.
xenomorph Threatening thousands of users
Trojan horse found in Fast Cleaner app. Fast Cleaner promises to improve smartphone performance by removing unwanted data from the app. However, when you install it, you are downloading dangerous malware on your cell phone.
xenomorph uses screen overlays (“overlays”) to trick the user into entering usernames and passwords; It also collects information about infected devices and reads users’ text messages.
This feature allows malware to intercept the login credentials of bank accounts and webmail accounts. It can also collect temporary codes that you use with two-factor authentication and other notifications sent to your phone via text message.
Experts consider the code of xenomorph He took a closer look and found that the Trojan can generate very convincing fake screens that are similar to nearly 60 different banking apps in Belgium, Italy, Portugal and Spain. He also managed to spoof login screens for Gmail, Google Play, Hotmail, Mail.com, Microsoft Outlook, PayPal and Yahoo Mail.
thibot Hides in the QR code scanner
Another well-known banking Trojan is thibot. It recently returned to Google Play after Google previously removed it from the Store.
It hid in an app called “QR Code & Barcode – Scanner”, of which there are many similar names and functions. The app has already been downloaded more than 10,000 times and has received numerous user reviews, with half of them giving the app five stars. However, the app has since disappeared.
The app was able to bypass Google Play’s verification mechanisms because it temporarily remained harmless after installation. However, it asks the user for permission to install an add-on. This includes downloading software from an unknown source – and downloading a Trojan horse thibot.
Once installed, the malicious add-on exploits file abuse settings Accessibility for Android (intended for blind or deaf users) to control the phone screen, interact with other apps, and intercept text messages.
This means that thibot how xenomorph Not only can the login credentials of bank accounts, webmail, social media, and other sensitive accounts be intercepted. It is also capable of stealing sent or generated two-factor authentication codes designed to prevent cybercriminals from logging in with stolen passwords.
This is how you identify malware and protect yourself from it
Get to know the app in advance
First of all, you should of course make sure that malware does not get to your smartphone in the first place. Avoid downloading apps from unknown providers.
Although Google verifies apps before adding them, fake apps continue to enter the Store (see above). Just last year, security experts reported 151 malicious apps with just over ten million downloads. And this is just one case exposed in many cases.
If you still want to download an unknown app, check reviews to see what apps the manufacturer still offers, and download numbers. Type the name of the application into the search engine; You may already receive notifications here that indicate a malicious app.
If you are unsure, do not download the apps.
Use a password manager
As you have seen, once it was installed on users’ smartphones, it was easy for a Trojan to steal login credentials. With Password manager You can prevent cybercriminals from using your stolen password for your other accounts.
Because many users make the mistake of using the same password for multiple accounts out of convenience or ignorance. If an unknown person steals one of your passwords, they can also gain access to other accounts.
Password Manager helps you create complex and unique passwords, store and manage them in a virtual vault. Even if a hacker steals the credentials from one of your accounts, they cannot use them on other accounts.
Virus Scanner Yes or No?
If you only use the Play Store, you don’t necessarily need an additional antivirus. because with google play for protection Does the Play Store already have a good built-in virus scanner (for example, a file Discover the Trojan state of Libizan).
However, if you download apps from unknown sources, there is no harm in looking for one of them Reputable Virus Scanner Alternative With additional security features.
Conclusion
To protect yourself from malware and trojans, you should be careful where you get your apps from. Still the safest source is the Play Store with Google Play Protect. Moreover, take a closer look at the permissions required by the app. If the app requires too many permissions, you’d better look for an alternative. You should also install updates for your system and apps regularly, activate all security functions (encryption, PIN, etc.) and protect your passwords with a password manager. Regular backups are also essential.
“Social media evangelist. Baconaholic. Devoted reader. Twitter scholar. Avid coffee trailblazer.”
More Stories
Firefox 127 grants host permissions when installing MV3 extensions
An American company is promoting Apple's thinnest device yet
Codename Kestrel: Alan Wake developer presents a new project