A new money-stealing malware makes rounds on Google Play Store posing as an innocent app with over 50,000 downloads

Cybersecurity research firm ThreatFabric has discovered a new malware spreading through harmless-looking apps on the Google Play Store. Termed “Xenomorph”, the malware is targeting users of 56 banks in Europe. One of the apps that is disturbing the malware is a generic-looking, device cleaning app named “Fast Cleaner” that has been installed more than 50,000 times. Although the app is no longer available on the Google Play Store, many users may still have the application installed on their phones.

On the surface, Fast Cleaner is aimed at speeding up smartphones. But under the hood, the app tries to get Accessibility privileges and use those privileges to gain control of the targeted smartphone. After gaining access to Accessibility Services, the malware uses an overlay attack to steal user credentials as well as intercept SMS and notifications to defeat two-factor authentication systems.

ThreatFabric also expressed concerns about Xenomorph’s dormant capabilities. According to the firm, Xenomorph appears to be in active development and is not fully-featured yet. The firm has also warned that the malware is modular and scalable, so it can be developed further and more severe features of the app can be enabled through an update.

Finally, Xenomorph’s purpose is to acquire financial information and stealing money. Therefore, ThreatFabric is advising users to immediately uninstall the app. Such malware can also protect against uninstallation and leave behind code fragments in case a user successfully manages to delete malware-ridden apps.

So, if you think you may have been infected, change your passwords/pins of banking apps and call your bank if necessary.

Buy Yubico YubiKey 5Ci two-factor authentication security key on Amazon