More than 30 U.S. banks have been targeted by a resurgent malware threat. According to a recent advisory by international IT and cybersecurity firm Threat Fabric, Xenomorph malware has reemerged in a new distribution campaign.
Threat Fabric’s cybersecurity analysts recently identified the resurgence, which relies on deceptive phishing webpages posing as a Chrome update to trick victims into downloading malicious Android package kits. Xenomorph was first identified in February last year and is known for using overlays to capture personally identifiable information such as usernames and passwords. The latest campaign is a geographical expansion, with thousands of Xenomorph downloads recorded in the United States. It had been predominantly active in Europe.
“Xenomorph maintains its status as an extremely dangerous Android banking malware, featuring a very versatile and powerful [automatic transfer system]engine, with multiple modules already created, with the idea of supporting multiple manufacturer’s devices,” Threat Fabric analysis wrote.
The Threat Fabric advisory includes information for identifying infections related to the Xenomorph malware.
