The Nigerian Communications Commission’s Computer Security Incident Response Team (CSIRT) has identified new malicious software that steals Android users’ banking app login credentials.
The malware, known as Xenomorph, targeted 56 financial institutions across Europe, according to a security advisory from the Commission’s CSIRT. It is reported to have a high impact and vulnerability rate.
Dr. Ikechukwu Adinde, the Commission’s Director of Public Affairs, said in a statement that Xenomorph is distributed through an app called ‘Fast Cleaner’ that was slipped into the Google Play Store, where it masqueraded as a legitimate app.
According to him, the app purports to clear junk files, boost device speed, and maximize battery life.
According to the statement, the app is in reality nothing more than a vehicle for spreading the Xenomorph Trojan quickly and easily.
He emphasized that the malware’s primary goal is to steal credentials and that it does so by intercepting SMS messages and notifications in order to log in and use potential two-factor authentication tokens.
Once installed on a victim’s device, Xenomorph can gather device information and SMS messages, intercept notifications and new SMS messages, perform overlay attacks, and prevent users from uninstalling it, according to the team. The malware also requests Accessibility Services privileges, which allow it to grant itself additional permissions.
“To avoid early detection or being denied access to the Play Store, ‘Fast Cleaner’ was disseminated before the malware was placed on the remote server, making it hard for Google to determine that such an app is being used for malicious actions.”
The malware also steals users’ banking credentials by overlaying fake login pages on top of legitimate ones, according to the researchers.
“Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.”
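For analysts vetting a utility app against the behaviours listed above, the following added example (not part of the NCC advisory) flags a decoded AndroidManifest.xml that declares an Accessibility Service together with SMS or notification access. The sample manifests and package names are constructed, and the mapping from each capability to a manifest entry is an assumption of this example, not a published Xenomorph indicator.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SERVICE_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility_service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_listener",
}

def capabilities(manifest_xml):
    """Return the sensitive capabilities a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)  # input: a manifest the analyst decoded themselves
    found = set()
    for perm in root.iter("uses-permission"):
        if perm.get(ANDROID_NS + "name") in SMS_PERMS:
            found.add("sms_access")
    for svc in root.iter("service"):
        # Services of these types are protected by a BIND_* permission attribute.
        label = SERVICE_BINDINGS.get(svc.get(ANDROID_NS + "permission"))
        if label:
            found.add(label)
    return found

def triage(manifest_xml):
    """Return ('review' | 'ok', capabilities) for one manifest."""
    caps = capabilities(manifest_xml)
    # Assumed heuristic: accessibility plus a channel that carries 2FA codes.
    message_channel = caps & {"sms_access", "notification_listener"}
    verdict = "review" if "accessibility_service" in caps and message_channel else "ok"
    return verdict, caps

# Constructed sample manifests (hypothetical packages, not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.cleaner">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Notif" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".Sync"/></application>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, *triage(xml_text))
```

A "review" verdict means only that the declared capabilities warrant a closer look; legitimate assistive and messaging apps can declare the same entries.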

