US banks, crypto wallets subjected to expanded Xenomorph Android trojan attacks

BleepingComputer reports that several U.S. financial institutions and numerous cryptocurrency apps are having their users mostly targeted by an expanded Xenomorph malware campaign leveraging an updated version of the Android banking trojan that also set sights on users in Canada, Italy, Spain, Belgium, and Portugal. Malicious APK with the Xenomorph trojan has been spread by operators in the newest campaign through phishing pages deceiving targets into updating their Google Chrome browser, according to a ThreatFabric report. Aside from having the new "mimic" feature that could enable the malware to purport as another app and act as a WebView, the updated Xenomorph trojan also includes "ClickOnPoint" functionality allowing tap simulation at certain screen coordinates, as well as an "antisleep" system aimed at curbing interruptions, researchers said. Moreover, infiltration of Xenomorph's payload hosting infrastructure revealed the presence of Cabassous and Medusa Android malware, the Private Loader malware loader, and the RisePro and LummaC2 Windows infostealers.