In one of its most recent discoveries, the security researchers spotted a trojan dubbed Xenomorph hiding inside a harmless-looking lifestyle app. And it’s not any ol’ trojan; it’s a banking trojan. It’s designed to steal your sensitive information from banking apps.
Beware of the Xenomorph
“Todo: Day Manager” is the name of the cyber threat. Not only can it steal credentials from banking applications on your device, but it can also intercept your text messages and notifications. This means it can snatch your one-time passwords and slip through any multifactor authentication barriers. Upon installing the app, ToDo: Day Manager asks users to enable certain permissions. Once the unwitting victim acquiesces to its requests, the app makes itself your device’s admin — and blocks you from reversing this change. This ensures that you can’t install it from your phone. Next, it superimposes an overlay (e.g. a fake login screen) on top of legit banking apps installed on your device, tricking you to enter your credentials. As a result, you may inadvertently hand over your banking information to cybercriminals. Interestingly, the researchers noticed that the modus operandi of the Xenomorph trojan is similar to another malicious malware family they discovered three months ago: the Coper banking trojan. “This trojan was similarly embedded in apps on the Google Play Store and sourced its malware payload from the Github repo,” the report said. Fortunately, Google removed the malicious threats from the Play Store, but this won’t be the last banking trojan that will wiggle its way into the Android app store. With so much malware sneaking past Google Play’s defenses, the search engine giant needs to deploy better hawk-eyed methods to keep cybercriminals at bay.