New Trojan malware named Alien can implement multiple features and steal credentials from 226 Android apps in several countries, including in India.

Researchers from ThreatFabric discovered and analysed a new strain of Android malware, tracked as Alien.

The Alien malware

According to the researchers, Alien is not a new piece of code: it is based on the source code of a rival trojan, Cerberus.

Cerberus was active last year and died out this year. ThreatFabric says that Cerberus died out because Google's security team found a way to detect and clean infected devices, but Alien does not seem to have this problem. Its malware-as-a-service (MaaS) offering stepped in to fill the void left by Cerberus' demise. Alien is an even more advanced and dangerous trojan than Cerberus.

Alien is part of a new generation of Android banking trojans with remote-access features integrated into their codebases.

According to ZDNet, most targets are banking apps, but Alien can also show phishing pages for social and instant-messaging apps.

Alien targets apps, including Facebook, Gmail, Twitter, Telegram, WhatsApp, Snapchat, as well as cryptocurrency apps.

Alien can not only show fake login screens and collect passwords for various apps and services, but it can also allow attackers to access the devices using those credentials, or even perform other actions.

According to ThreatFabric, the features of Alien are:

  • Overlaying: Dynamic (local injects obtained from C2)
  • Keylogging
  • Provide remote access
  • SMS harvesting: list, forward or send messages
  • Collect device information
  • Contact list collection
  • Application listing
  • Collect location
  • Overlaying: Targets list update
  • Calls: USSD request making and forward call
  • Remote actions: installing, starting or removal of apps
  • Display arbitrary web pages
  • Remote actions: Screen-locking
  • Notifications: Push notifications shown on the device
  • C2 Resilience: Auxiliary C2 list
  • Self-protection: Hiding the app icon, preventing removal and emulation detection
  • Steal 2FA codes generated by authenticator apps
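As an added illustration (not ThreatFabric's code or the article's), the following Python maps the capability list above to the Android manifest declarations an app would need to implement each one, so an analyst can triage an APK's AndroidManifest.xml against it. The sample manifest is constructed, and the capability-to-permission grouping is a heuristic, not a signature.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERM_ATTR = f"{{{ANDROID_NS}}}permission"

# Each capability from the article mapped to the real Android permission
# constants an app would need for it. Heuristic grouping, not a signature.
CAPABILITY_INDICATORS = {
    "overlaying": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "sms_harvesting": {"android.permission.READ_SMS",
                       "android.permission.RECEIVE_SMS",
                       "android.permission.SEND_SMS"},
    "contact_collection": {"android.permission.READ_CONTACTS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION"},
    "calls_ussd": {"android.permission.CALL_PHONE"},
    "remote_install": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "keylogging_2fa": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "removal_prevention": {"android.permission.BIND_DEVICE_ADMIN"},
}

def manifest_declarations(manifest_xml: str) -> set[str]:
    """Collect <uses-permission> names plus android:permission on components
    (accessibility and device-admin services are declared that way)."""
    root = ET.fromstring(manifest_xml)
    found = {el.get(NAME_ATTR, "") for el in root.iter("uses-permission")}
    found |= {el.get(PERM_ATTR) for el in root.iter() if el.get(PERM_ATTR)}
    return found - {""}

def triage(manifest_xml: str) -> dict[str, set[str]]:
    """Return the capabilities whose indicators the manifest declares."""
    decl = manifest_declarations(manifest_xml)
    return {cap: decl & inds for cap, inds in CAPABILITY_INDICATORS.items()
            if decl & inds}

# Constructed sample manifest for a hypothetical "fake update" app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for cap, perms in triage(SAMPLE_MANIFEST).items():
        print(f"{cap}: {sorted(perms)}")
```

A manifest matching several of these groups at once is a prompt for deeper analysis, not a verdict on its own, since legitimate messaging and accessibility apps request some of the same permissions.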

Experts reported that Alien targeted the apps used by financial institutions mostly in Germany, Turkey, France, Italy, Spain, Australia, Poland and the UK.

[Image credit: ThreatFabric]

"A lot of it seems distributed via phishing sites, for example, malicious pages tricking the victims into downloading fake software updates or fake Corona apps (still a common trick at the moment)," said Gaetan van Diemen, a malware analyst at ThreatFabric.

He also added that the malware has been observed spreading via SMS, where the operators collect the contact list of the infected device and then reuse it to further spread their malware campaign.

The researchers recommend that all financial institutions understand their current and future threat exposure and, accordingly, implement the relevant detection and control mechanisms.