
ThreatFabric observed the malware being loaded by a dropper hiding in a Google Play application called “Fast Cleaner” (since reported to Google). It also uses SMS and notification-interception to log and use potential two-factor authentication (2FA) tokens, according to ThreatFabric. And, they added, “It would be unsurprising to see this bot sport semi-automatic transfer system (ATS) capabilities in the very near future.” ATS is the process of automatically initiating wire transfers from the victims without needing to use credentials, thus bypassing 2FA and all anti-fraud measures. That advanced functionality is not yet implemented, so the researchers have deemed Xenomorph as still under development. However, they noted that it’s already making a mark on the banking trojan front: “Xenomorph is already sporting effective overlays and being actively distributed on official app stores.”

“The Accessibility engine powering this malware, together with the infrastructure and command-and-control (C2) protocol, are carefully designed to be scalable and updatable,” the researchers warned in a Monday posting. “The information stored by the logging capability of this malware is very extensive, and if sent back to the C2 server, could be used to implement keylogging, as well as collecting behavioral data on victims and on installed applications, even if they are not part of the list of targets.”
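The capabilities the article lists (overlays, SMS and notification interception, an Accessibility-powered logging engine) each require specific Android manifest declarations, so a decoded manifest can be triaged for that combination. The following is an added example for analysts, not code from ThreatFabric or the original article; it assumes the manifest has already been decoded to XML text (e.g. with apktool) and the package names and threshold are constructed placeholders.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Capabilities the write-up attributes to the trojan, mapped to the manifest
# declarations an app must carry to obtain each of them.
CAPABILITIES = {
    "overlay": {"permissions": {"android.permission.SYSTEM_ALERT_WINDOW"}},
    "sms_interception": {"permissions": {"android.permission.RECEIVE_SMS",
                                         "android.permission.READ_SMS"}},
    "notification_interception": {
        "service_permission": "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
    "accessibility_engine": {
        "service_permission": "android.permission.BIND_ACCESSIBILITY_SERVICE"},
}

def manifest_capabilities(manifest_xml: str) -> set[str]:
    """Return the set of risky capabilities a decoded AndroidManifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NAME) for e in root.iter("uses-permission")} - {None}
    # Services guarded by a BIND_* permission are how listener/accessibility
    # services are registered; drop services that declare no permission.
    svc_perms = {e.get(PERMISSION) for e in root.iter("service")} - {None}
    found = set()
    for cap, need in CAPABILITIES.items():
        if need.get("permissions", set()) & perms:
            found.add(cap)
        elif need.get("service_permission") in svc_perms:
            found.add(cap)
    return found

def triage(manifest_xml: str, threshold: int = 3) -> tuple[bool, set[str]]:
    """Flag a manifest when it stacks at least `threshold` of the capabilities
    (heuristic threshold chosen for this example, not a vendor rule)."""
    caps = manifest_capabilities(manifest_xml)
    return len(caps) >= threshold, caps

# Constructed sample manifests (not taken from any real application).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Notif"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application><service android:name=".Svc"/></application>
</manifest>"""
```

A single capability (for instance, an accessibility service in a screen-reader app) is normal; it is the stacking of overlay, SMS, notification and accessibility access in one app that merits a closer look.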
