This app was caught stealing info from victims' bank apps — do you have it on your phone?
The 'Xenomorph' trojan is as terrifying as it sounds
The Google Play Store has been a breeding ground for malicious Android apps masquerading as innocuous platforms — and it's getting out of hand. In case you missed it, Zscaler ThreatLabz published a report last Thursday revealing that, within the last three months, it discovered over 50 apps (attracting 500k+ downloads) that had ill intentions.
In one of its most recent discoveries, the security researchers spotted a trojan dubbed Xenomorph hiding inside a harmless-looking lifestyle app. And it's not any ol' trojan; it's a banking trojan. It's designed to steal your sensitive information from banking apps.
Beware of the Xenomorph
"Todo: Day Manager" is the name of the cyber threat. Not only can it steal credentials from banking applications on your device, but it can also intercept your text messages and notifications. This means it can snatch your one-time passwords and slip through any multifactor authentication barriers.
Once installed, Todo: Day Manager asks users to enable certain permissions. Once the unwitting victim acquiesces to its requests, the app makes itself your device's admin — and blocks you from reversing this change. This ensures that you can't uninstall it from your phone.
Next, it superimposes an overlay (e.g. a fake login screen) on top of legit banking apps installed on your device, tricking you into entering your credentials. As a result, you may inadvertently hand over your banking information to cybercriminals.
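For readers who vet apps before allowing them on managed devices, the behaviours described above (device admin, SMS and notification interception, overlays) can be checked against an app's decoded manifest. The Python below is an added example, not code from the Zscaler report. The mapping from manifest declarations to behaviours, the review threshold and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping: manifest declaration -> behaviour described in the article.
USES = {P + "RECEIVE_SMS": "sms_interception",   # <uses-permission> entries
        P + "READ_SMS": "sms_interception",
        P + "SYSTEM_ALERT_WINDOW": "overlay"}
BINDS = {P + "BIND_DEVICE_ADMIN": "device_admin",  # android:permission on components
         P + "BIND_NOTIFICATION_LISTENER_SERVICE": "notification_interception",
         P + "BIND_ACCESSIBILITY_SERVICE": "overlay"}

def risky_capabilities(manifest_xml):
    """Return the set of article behaviours a decoded manifest could support."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for el in root.iter("uses-permission"):
        found.add(USES.get(el.get(ANDROID + "name")))
    for tag in ("service", "receiver"):
        for el in root.iter(tag):
            found.add(BINDS.get(el.get(ANDROID + "permission")))
    found.discard(None)  # declarations that map to no tracked behaviour
    return found

def needs_review(manifest_xml):
    """Assumed rule: device admin plus at least two other tracked behaviours."""
    caps = risky_capabilities(manifest_xml)
    return "device_admin" in caps and len(caps) >= 3

# Constructed sample manifests (package and component names are made up).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.todo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <service android:name=".Notif" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <service android:name=".Acc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, sorted(risky_capabilities(xml)), needs_review(xml))
```

A flag here means the app warrants a closer look, not that it is malicious: legitimate device-management and accessibility apps declare some of the same components.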
Interestingly, the researchers noticed that the modus operandi of the Xenomorph trojan is similar to that of another malware family they discovered three months ago: the Coper banking trojan.
"This trojan was similarly embedded in apps on the Google Play Store and sourced its malware payload from the Github repo," the report said.
Fortunately, Google removed the malicious threats from the Play Store, but this won't be the last banking trojan that will wiggle its way into the Android app store. With so much malware sneaking past Google Play's defenses, the search engine giant needs to deploy better hawk-eyed methods to keep cybercriminals at bay.
Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!