Blog Post

Ritelink Blog > News > TECHNOLOGY > Beware of this new harmless-looking lifestyle app it is an Android banking malware

Beware of this new harmless-looking lifestyle app it is an Android banking malware

The ‘Xenomorph’ app trojan is as terrifying as it sounds

The Google Play Store has been a breeding ground for malicious Android apps masquerading as innocuous platforms — and it’s getting out of hand. In case you missed it, Zscaler ThreatLabz published a report last Thursday revealing that, within the last three months, it discovered over 50 apps (attracting 500k+ downloads) that had ill intentions. 

In one of its most recent discoveries, security researchers spotted a trojan dubbed Xenomorph hiding inside a harmless-looking lifestyle app. And it’s not any ol’ trojan; it’s a banking trojan. It’s designed to steal your sensitive information from banking apps. 

Beware of the Xenomorph

“Todo: Day Manager” is the name of the cyber threat. Not only can it steal credentials from banking applications on your device, but it can also intercept your text messages and notifications. This means it can snatch your one-time passwords and slip through any multifactor authentication barriers.

Upon installing the app, ToDo: Day Manager asks users to enable certain permissions. Once the unwitting victim acquiesces to its requests, the app makes itself your device’s admin — and blocks you from reversing this change. This ensures that you can’t install it from your phone.

Next, it superimposes an overlay (e.g. a fake login screen) on top of legit banking apps installed on your device, tricking you to enter your credentials. As a result, you may inadvertently hand over your banking information to cybercriminals. 

Interestingly, the researchers noticed that the modus operandi of the Xenomorph trojan is similar to another malicious malware family they discovered three months ago: the Coper banking trojan.

“This trojan was similarly embedded in apps on the Google Play Store and sourced its malware payload from the Github repo,” the report said.

Fortunately, Google removed the malicious threats from the Play Store, but this won’t be the last banking trojan that will wiggle its way into the Android app store. With so much malware sneaking past Google Play’s defenses, the search engine giant needs to deploy better hawk-eyed methods to keep cybercriminals at bay.

Leave a comment

Your email address will not be published. Required fields are marked *