Scary-sounding Xenomorph banking trojan is only the latest to be discovered in Play Store apps

Nuke this threat from orbit or it’s game over, man, game over

The Android app ecosystem gives developers room for creativity — but the trade-off is that hackers are getting creative with malware, too. Such dangerous apps can end up in Google’s Play Store and don’t always get pulled as quickly as we’d hope, often thanks to clever concealment. The most recent example is the banking trojan Xenomorph, which has been targeting Android users across Europe.

Concealed Xenomorph in Play Store

As discovered by Threat Fabric, dropper malware was hiding inside Fast Cleaner, an app purporting to be a solution for getting rid of digital clutter and boosting battery efficiency. Concealing code like that within a seemingly normal app is a common way to hide malicious software.

Droppers are programs designed to retrieve code from somewhere else and load it onto your device, and in this case the dropper was one previously known to Threat Fabric for delivering another banking trojan dubbed Alien — between that and other similarities with Alien’s code, it only seemed fitting for the firm to name this latest trojan Xenomorph.

The malware is still relatively new, but researchers have determined that it starts with an overlay attack — that’s when a bad app puts a window on top to mask a legitimate one. Thinking everything looks fine, users are then fooled into interacting with the overlay, which ends up feeding their data to the malware. It’s a pretty sneaky way to steal a host of vulnerable data like login credentials for online banking apps. Once Xenomorph is launched, it monitors your activity and when you open an app on its target list, it injects that overlay with its fake interface that makes you think you’re working directly with your bank. Threat Fabric reports that this list contains names of banks in Spain, Portugal, Italy, and Belgium in addition to some crypto wallets and email apps.

It looks like Xenomorph is still in an early stage of development, though Threat Fabric fears it has “a lot of untapped potential.” If you’ve installed the Fast Cleaner app — it has been downloaded over 50,000 times so plenty of people are affected — your device is not in great shape. The malware contains features designed to prevent efforts to remove it, so you may be stuck having to fully wipe your phone. Where’s a good cleaner app when you need it?

Matter, explained: What is the next-gen smart home standard?

Your devices will finally work together as they should

Read Next

About The Author