Xenomorph: What to know about this Android banking trojan

Xenomorph pilfers victims’ login credentials for banking, payment, social media, cryptocurrency and other apps with valuable data

More than 50,000 Android devices were compromised with an Android banking trojan called Xenomorph earlier this year. First reported by ThreatFabric, Xenomorph posed as a system-optimizing app called “Fast Cleaner”. Disguising malicious software as device optimizers, battery or performance enhancers, and other utility tools is a rather common tactic for dangerous Android malware.

Xenomorph is after people’s login credentials for banking, payment, social media, cryptocurrency and other apps with valuable personal information. More than 50 apps, including PayPal, Coinbase and Binance, were abused by the banking trojan, which can also intercept SMS messages and notifications in order to bypass two-factor authentication (2FA).

In this video, ESET Senior Malware Researcher Lukas Stefanko walks you through the functionality of the malware from the victim’s point of view.

If you’re worried that your own phone may have been compromised by malicious software or want to learn how to keep malware off your phone, our article about common signs your phone has been hacked will have you covered.

Stay safe!
