Be very careful with these two apps: they pose as seemingly harmless task managers, but they can empty your bank account.
At the beginning of the year we already reported on the emergence of Xenomorph, a dangerous Trojan capable of stealing banking app login details and even intercepting one-time codes received by SMS. Thanks to its techniques, it managed to become one of the most widespread and dangerous trojans available on Android.
Now, Xenomorph has returned to the Google Play Store. As reported by the specialized cybersecurity portal Hispasec, the Zscaler ThreatLabz research team has discovered new apps infected with Xenomorph in the app store for Android devices.
These apps have accumulated thousands of downloads, as they pose as seemingly harmless tools. However, inside they hide one of the most dangerous viruses in existence today.
The Trojan hides in two seemingly harmless applications
As the researchers have indicated, the malware hides in two seemingly harmless apps: a task manager and an app to keep track of expenses. Their names are “Todo: Day manager” (com.todo.daymanager) and “Expense Keeper” (com.setprice.expenses).
Once either of the two applications is installed, the user is prompted to grant an access permission so that the app obtains advanced privileges and can carry out the next step of the attack, which consists of downloading the malware itself, hosted on GitHub.
With the malware installed on the victim’s device, Xenomorph carries out the rest of the attack, attempting to steal banking app credentials and intercepting text messages and notifications so that it can steal one-time verification codes.
This is not the first Trojan to take advantage of Android accessibility permissions to take control of devices and infect them. For that reason, it is very important to decide carefully what type of permissions are granted to each application, and it is recommended to grant this type of advanced permission only to apps from trusted developers and with some popularity within Google Play.
Source: andro4all.com