Notebookcheck Logo

A new money-stealing malware makes rounds on Google Play Store posing as an innocent app with over 50,000 downloads

A new malware has been discovered by cybersecurity firm ThreayFabric on the Play Store. (Image: RoonZ.nl via Unsplash)
A new malware has been discovered by cybersecurity firm ThreayFabric on the Play Store. (Image: RoonZ.nl via Unsplash)
A new type of malware has been discovered making rounds on the Google Play store. Posing as a run-of-the-mill device speeding app "Fast Cleaner", the malware attempts to steal financial information from users of more than 50 European banks.

Cybersecurity research firm ThreatFabric has discovered a new malware spreading through harmless-looking apps on the Google Play Store. Termed “Xenomorph”, the malware is targeting users of 56 banks in Europe. One of the apps that is disturbing the malware is a generic-looking, device cleaning app named “Fast Cleaner” that has been installed more than 50,000 times. Although the app is no longer available on the Google Play Store, many users may still have the application installed on their phones.

On the surface, Fast Cleaner is aimed at speeding up smartphones. But under the hood, the app tries to get Accessibility privileges and use those privileges to gain control of the targeted smartphone. After gaining access to Accessibility Services, the malware uses an overlay attack to steal user credentials as well as intercept SMS and notifications to defeat two-factor authentication systems.

ThreatFabric also expressed concerns about Xenomorph’s dormant capabilities. According to the firm, Xenomorph appears to be in active development and is not fully-featured yet. The firm has also warned that the malware is modular and scalable, so it can be developed further and more severe features of the app can be enabled through an update.

Finally, Xenomorph’s purpose is to acquire financial information and stealing money. Therefore, ThreatFabric is advising users to immediately uninstall the app. Such malware can also protect against uninstallation and leave behind code fragments in case a user successfully manages to delete malware-ridden apps.

So, if you think you may have been infected, change your passwords/pins of banking apps and call your bank if necessary.

Buy Yubico YubiKey 5Ci two-factor authentication security key on Amazon

App on the Google Play Store distributing Xenomorph malware. (Image source: ThreatFabric)
App on the Google Play Store distributing Xenomorph malware. (Image source: ThreatFabric)
Read all 1 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2022 02 > A new money-stealing malware makes rounds on Google Play Store posing as an innocent app with over 50,000 downloads
Fawad Murtaza, 2022-02-24 (Update: 2022-02-24)