Operators of the Xenomorph banking trojan have updated the Android banker to enable more seamless financial fraud, The Hacker News reports.
Hadoken Security Group researchers noted that the third generation of Xenomorph has been equipped with a comprehensive runtime engine based on Accessibility services, which enables a full implementation of an Automated Transfer System (ATS) framework. The malware can now target over 400 banking and financial apps, compared with only 56 targeted by the banker's initial iteration, which emerged in February 2022.
Xenomorph v3 exploits Accessibility Service to facilitate overlay attacks for fraud, while its ATS module enables authenticator code extraction, according to the Hadoken report. Moreover, the updated Android banker's new cookie theft capabilities make account takeover attacks possible.
"With these new features, Xenomorph is now able to completely automate the whole fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android Malware trojans in circulation," said researchers.