Xenomorph Android malware now targets U.S. banks and crypto wallets
Xenomorph Android malware now targets U.S. banks and crypto wallets
Xenomorph Malware Resurfaces with Expanded Targets - Insights from ThreatFabric
- New Campaign and Targets: Security researchers found a new Xenomorph malware campaign aimed at Android users in multiple countries including the U.S. and Canada. It targets cryptocurrency wallets and various U.S. financial institutions.
- Evolution: Initially a banking trojan, Xenomorph has evolved to become more modular and flexible, with the ability to target over 400 banks. It also features an automated transfer system, MFA bypass, and cookie stealing.
- Distribution Methods: The malware is distributed via phishing pages and embedded in legitimate Android apps. A new dropper named "BugDrop" was introduced to bypass Android 13 security features.
- Enhanced Features: New functionalities include a "mimic" feature that allows it to act as another application, "ClickOnPoint" for simulating screen taps, and an "antisleep" system for prolonged engagement.
- Associated Threats: Collaboration with other potent Windows malware suggests the possibility of Malware-as-a-Service (MaaS). ThreatFabric analysts also discovered other malicious payloads like Medusa and Cabassous during their investigation.
My last (and first) smart phone lasted me for 6.5 years. It received one OS update, and stopped receiving any other updates about three years in. I was never concerned. My current phone is about 3.5 years old, didn't receive the OS update in May, and I wonder how long it will receive security updates.
Anyway, it's the sort of stuff like this article talks about, that I never heard of in 2017, that makes me wonder if I'll get another three years out of this device. Maybe with Lineage.
With Lineage OS, you probably can. It also seems to becoming more logical for common users to wipe and reinstall occasionally. Not that it is easy to do. It just seems like a lot of malware is hitting phones and that is likely to get worse.
I think it's important to keep in mind that LOS is a partial solution. Firmware blobs will go unmaintained, and abandoned source trees still remain abandoned even when minimally hacked up to build with a newer kernel.
We need hardware makers committing to some kind of update plan that keeps users safe over the long run at every level.