This Dangerous Android Malware Steals From 100 Banking Apps - Protect Yourself Now!


The infamous Xenomorph Android malware is back again, this time upgraded with new features that can target over 100 different banking and crypto apps, including 35 US financial institutions. As reported by BleepingComputer, the banking Trojan was first discovered by ThreatFabric security researchers in February 2022. Since then, there have been several updates to Xenomorph, including one that modularizes the malware and makes it more flexible. It was distributed using a dropper called BugDrop, which allowed it to bypass Android 13's security features.

Now, however, an upgraded version of Xenomorph is being used in a new campaign targeting Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. This time, a new "mimic" feature allows the malware to run as a separate app on the best Android smartphones, and a "ClickOnPoint" feature allows the cybercriminals behind it to simulate taps at specific locations on your phone's screen ...

Since Xenomorph uses overlays to steal credentials from banking and crypto apps and drain funds from accounts, this Android malware is particularly dangerous and should be avoided at all costs.

According to ThreatFabric, the cybercriminals behind this new campaign have decided to use phishing sites to infect unsuspecting Android users with the Xenomorph malware.

These phishing sites inform potential victims that the version of Chrome they are using is outdated and needs to be updated immediately. At the bottom of the page is a button that says "Upgrade Chrome," but instead of downloading a new version of Google's browser, it directs them to a malicious APK file. This APK file actually contains the Xenomorph malware, which they unwittingly install on their smartphones.

Like previous versions of this banking Trojan, it continues to use overlays to steal user credentials from banking and crypto apps. These overlays appear on top of legitimate apps and look just like them. As with credit card skimmers, once the user enters some information, that information is in the hands of hackers. The following are some of the banking and crypto apps targeted, according to ThreatFabric (a full list is available in ThreatFabric's blog post):

It is worth noting that the overlays preloaded in the Xenomorph malware vary depending on where the victim is physically located.

With respect to this new Xenomorph campaign, victims may have been able to avoid having their devices infected with this malware if they had not been tempted to update Chrome. As most Android users know, app updates are provided directly from the Google Play Store, so there is no need to download them from a website or install them as a separate APK file.

Similarly, to avoid becoming a victim of Android malware, you should not sideload apps, and you should only install new apps from official Android app stores such as Google Play, Amazon Appstore, and Samsung Galaxy Store. Sideloaded apps are not subject to the same rigorous security checks as apps uploaded to official app stores.
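To put the sideloading advice above into a check you can run, here is an added example (not from the article or ThreatFabric) that flags third-party apps whose recorded installer is not one of the three stores named above. It assumes the text comes from `adb shell pm list packages -i -3`; the store installer package IDs and the sample output are assumptions of this example, not values from the page.

```python
import re

# Installer package IDs for the three stores the article names.
# Assumption of this example: these IDs are not given on the page.
OFFICIAL_INSTALLERS = {
    "com.android.vending": "Google Play",
    "com.amazon.venezia": "Amazon Appstore",
    "com.sec.android.app.samsungapps": "Samsung Galaxy Store",
}

# One line of `pm list packages -i` looks like:
#   package:<name>  installer=<installer package or null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def find_sideloaded(pm_output):
    """Return sorted (package, installer) pairs not installed by an official store.

    pm_output is the text printed by `adb shell pm list packages -i -3`
    (third-party packages only, each with its recorded installer).
    """
    flagged = []
    for raw in pm_output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        if m["installer"] not in OFFICIAL_INSTALLERS:
            flagged.append((m["pkg"], m["installer"]))
    return sorted(flagged)


# Constructed sample output; the com.example.* package names are made up.
SAMPLE = """\
package:com.example.bank  installer=com.android.vending
package:com.example.reader  installer=com.amazon.venezia
package:com.example.chromeupdate  installer=null
package:com.example.game  installer=com.google.android.packageinstaller
package:com.example.notes  installer=com.sec.android.app.samsungapps
"""

if __name__ == "__main__":
    for pkg, installer in find_sideloaded(SAMPLE):
        print(f"review: {pkg} (installer={installer})")
```

A flagged package is not necessarily malicious; it is simply one that did not arrive through a store and deserves a second look, especially if it claims to be a browser update.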

For extra protection, you should also consider installing one of the best Android antivirus apps on your smartphone. Google Play Protect can scan new and existing apps for malware, but it does not offer the same features as paid Android antivirus apps.

Xenomorph is still relatively new malware, but multiple updates and new versions have already been released. Therefore, cybercriminals and hackers may continue to use this malware in their attacks and add more overlays of popular banking and crypto apps.
