ThreatFabric has discovered a new strain of the Android banking trojan Xenomorph. The updated variant, named “Xenomorph 3rd generation,” adds capabilities that make it more effective at carrying out financial fraud, such as a comprehensive runtime engine powered by Accessibility services.
Xenomorph’s previous version targeted 56 European banks, but this latest iteration is programmed to attack over 400 banking and financial institutions globally, including cryptocurrency wallets. The malware is distributed through Discord’s Content Delivery Network and can be delivered as trojanized versions of legitimate applications built with an APK binding service called Zombinder. Xenomorph can carry out fraud through overlay attacks, automated transfer systems, and cookie-stealing functions, enabling bad actors to conduct account takeover attacks.