HomeWinBuzzer NewsXenomorph Android Malware Makes Comeback with New Variant Hitting 400 Banks

Xenomorph Android Malware Makes Comeback with New Variant Hitting 400 Banks

A new variant of the Xenomorph malware is now available, targeting 400 banks to automatic attacks around data theft.


Security researchers say a new version of the Xenomorph malware is targeting 400 banks with its new automatic transfer system. firm ThreatFabric first discovered Xenomorph last month hidden within apps on the official Play Store, with over 50,000 installations.

Xenomorph, which is the name given to the Alien in the popular media franchise. The malware was authored by Hadoken Security Group, which continues to make improvements to the base code. That February attack targeted 56 banks in European and was able to steal sensitive data from customer devices.

Now, security experts say that a new version of the malware – known as Xenomorph.C, is much more sophisticated than the previous variant. It now has an automated transfer system (ATS) framework, which means it can target more financial institutions than before.

New Variant

Experts warn that a new variant recently discovered, tracked as Xenomorph.C, was significantly improved. In fact, this time is can target over 400 banks over a wider spread of countries, including the United States, Germany, India, France, UAW, Australia, Spain, Poland, Canada, Italy, Turkey, and Portugal.

“This new version of the malware adds many new capabilities to an already feature rich Android Banker, most notably the introduction of a very extensive runtime engine powered by Accessibility services, which is used by actors to implement a complete ATS framework. With these new features, Xenomorph is now able to completely automate the whole fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android Malware trojans in circulation.” Threat Fabric reports.

“In addition, the samples identified by ThreatFabric featured configurations with Target lists made of more than 400 banking and financial institutions, including several cryptocurrency wallets, with an increase of more than 6 times with comparison to its previous variants, including financial institutions from all continents.”

When a threat actor leverages the ATS framework they can automate the theft of data such as account balances and credentials. Moreover, Xenomorph also allows attacks to perform transactions automatically.

“The engine used by Xenomorph stands out from its competition thanks to the extensive selection of possible actions that are programmable and can be included in ATS scripts, in addition to a system that allows for conditional execution and action prioritization.”

Tip of the day: Did you know that you can assign keyboard shortcuts for starting applications quickly in and ? This is a great way to have your most used programs always at your fingertips. In our tutorials we show you how to set those hotkeys for your favorite apps.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News