Xenomorph: the banking malware can now steal credentials from customers of 400 banks

Alexander Schmid

March 10, 2023 at 5:35 p.m.

Image: Xenomorph © Threat Fabric

The third generation of the Xenomorph banking malware is being advertised for sale by its developers. It is more capable than its predecessors and targets a far larger number of banks, including French institutions.

A little over a year ago, we reported on the emergence of Xenomorph, a new Android malware distributed through apps on the Play Store. This banking Trojan has been spotted in a growing number of apps over the past year, and a new, even more dangerous variant is now emerging.

Xenomorph goes to V3

The security firm ThreatFabric, which discovered the first strain last year, says that this latest version of Xenomorph can now steal the credentials of customers of 400 banks around the world. The first version of the malware targeted "only" 56 banks, all of them European.

The other major addition in this version of Xenomorph is an automated transfer system (ATS): once credentials have been stolen, the malware can initiate fraudulent transfers from the compromised device on its own, with no manual action required from the operators.

"Thanks to its new features, Xenomorph is now able to automate the entire bank fraud chain, from infecting the user's device to exfiltrating funds, making it one of the most advanced and dangerous Trojans circulating on Android," say the experts at ThreatFabric.

Many French banks targeted

The malware's creators belong to the Hadoken Security Group, which does not necessarily operate Xenomorph itself but sells it to other threat actors. Notably, a website promoting the third generation of Xenomorph has been spotted online. It is reportedly sold as malware as a service (MaaS), with updates that extend its capabilities over time.

Xenomorph V3 targets financial institutions in the United States, Spain, Turkey, Poland, Australia, Canada, Italy, Portugal, Germany, the United Arab Emirates, India and France. BNP Paribas, La Banque Postale, Crédit du Nord, LCL, Crédit Agricole and Société Générale are among the long list of banks targeted by the malware. Thirteen cryptocurrency wallets, including Binance, BitPay, KuCoin, Gemini and Coinbase, are also targeted.

Source: ThreatFabric
