• Security researchers found a new Xenomorph malware campaign aimed at Android users in multiple countries including the U.S. and Canada. It targets cryptocurrency wallets and various U.S. financial institutions.
  • Initially a banking trojan, Xenomorph has evolved to become more modular and flexible, with the ability to target over 400 banks. It also features an automated transfer system, MFA bypass, and cookie stealing.
  • The malware is distributed via phishing pages and embedded in legitimate Android apps. A new dropper named “BugDrop” was introduced to bypass Android 13 security features.
  • New functionalities include a “mimic” feature that allows it to act as another application, “ClickOnPoint” for simulating screen taps, and an “antisleep” system for prolonged engagement.
  • Collaboration with other potent Windows malware suggests the possibility of Malware-as-a-Service (MaaS). ThreatFabric analysts also discovered other malicious payloads like Medusa and Cabassous during their investigation.
  • Cat@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    With Lineage OS, you probably can. It also seems to becoming more logical for common users to wipe and reinstall occasionally. Not that it is easy to do. It just seems like a lot of malware is hitting phones and that is likely to get worse.

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I think it's important to keep in mind that LOS is a partial solution. Firmware blobs will go unmaintained, and abandoned source trees still remain abandoned even when minimally hacked up to build with a newer kernel.

      We need hardware makers committing to some kind of update plan that keeps users safe over the long run at every level.