Xenomorph, the banking malware that quickly became known as one of the most dangerous malware families after first appearing in Europe, has now evolved and made its way to other regions.
Cybersecurity firm ThreatFabric (via Bleeping Computer) has found that a new version of Xenomorph is now after Android users in the US, Canada, Spain, Italy, Portugal, and Belgium. It wants to steal from people’s cryptocurrency wallets and gain access to American users’ accounts at various financial institutions.
When it was first discovered in Europe, it lured people through the Google Play store, and 50,000 people fell for it. It grew more relentless over time, and an August 2022 version was even able to break through security measures in Android 13.
In March 2023, a version with the capability to carry out autonomous on-device transactions, steal cookies, and target more than 400 banks was found.
The report also notes that the people behind Xenomorph have put a lot of effort into creating sets of actions to take over Samsung and Xiaomi devices, as these are among the most popular Android smartphones.
New version of Xenomorph deceives people into downloading harmful software
The new mode of attack uses phishing pages to convince Chrome users that they need to update the browser, getting them to download malicious APKs in the process. Once installed, the malware uses screen overlays to covertly steal valuable information such as usernames, passwords, and credit card numbers. Among the latest targets of Xenomorph are American financial institutions and cryptocurrency apps.
And while you may think that most people can see through ploys like these, the malware has already been downloaded thousands of times by users in Portugal, Spain, and the US.
The malware is powerful enough to simulate taps wherever it wants on a screen, allowing its operators to perform actions without getting detected.
If you ever spot a prompt asking you to update your internet browser, avoid it, as these types of prompts are usually used by bad actors to capture the attention of their victims and trick them into downloading harmful stuff. Most people enable automatic updates in the Google Play store anyway, so chances are that most of your apps, including Chrome, are already up to date.
The post North American Android users should be careful while ‘updating’ Chrome browser first appeared on www.phonearena.com