Two banking trojan-infected apps discovered on Google Play
Google has removed two new dropper apps that were discovered on the Play Store for Android, one of which distributed the Xenomorph banking malware.
"Xenomorph is a Trojan that steals credentials from banking apps on users' devices," researchers at Zscaler ThreatLabz said in an analysis published late last week.
The malware can intercept SMS messages and user notifications, allowing the theft of one-time passwords and multi-factor authentication requests.
The researchers said they discovered two apps, a daily planner and an expense tracker, that exhibited similar behavior, but noted that the latter was unable to download the malware due to a bug in the code. The apps are Todo: Day manager (com.todo.daymanager), which has more than 1000 downloads, and 経費キーパー (com.setprice.expenses).
Both apps work as droppers, meaning the apps themselves are harmless but act as a conduit for downloading malware, which in the case of the Todo: Day manager app is hosted on GitHub.
Xenomorph, discovered in February of this year, is known to abuse Android's accessibility permissions to carry out overlay attacks, in which fake login screens are displayed over legitimate banking apps to steal victims' credentials.
ThreatLabz noted that over the last three months it had reported to Google more than 50 applications, with a total of more than half a million downloads, that spread malware such as Joker, Harly, Coper and Adfraud.
mundophone