- New Campaign and Targets: Security researchers found a new Xenomorph malware campaign aimed at Android users in multiple countries including the U.S. and Canada. It targets cryptocurrency wallets and various U.S. financial institutions.
- Evolution: Initially a banking trojan, Xenomorph has evolved to become more modular and flexible, with the ability to target over 400 banks. It also features an automated transfer system, MFA bypass, and cookie stealing.
- Distribution Methods: The malware is distributed via phishing pages and embedded in legitimate Android apps. A new dropper named “BugDrop” was introduced to bypass Android 13 security features.
- Enhanced Features: New functionalities include a “mimic” feature that allows it to act as another application, “ClickOnPoint” for simulating screen taps, and an “antisleep” system for prolonged engagement.
- Associated Threats: Collaboration with other potent Windows malware suggests the possibility of Malware-as-a-Service (MaaS). ThreatFabric analysts also discovered other malicious payloads like Medusa and Cabassous during their investigation.
I think it’s important to keep in mind that LOS is a partial solution. Firmware blobs will go unmaintained, and abandoned source trees still remain abandoned even when minimally hacked up to build with a newer kernel.
We need hardware makers committing to some kind of update plan that keeps users safe over the long run at every level.