A new strain of Android malware that comes with a wide range of features and steals credentials from 226 apps was recently discovered and analyzed by security researchers.

The new trojan is called Alien and has been active since the start of 2020. It has been offered as Malware-as-a-Service (MaaS) on various underground hacking forums. Multiple security researchers from ThreatFabric dug into forum posts and samples of this malware to better understand its tricks, evolution and features.

A report from ZDNet revealed that Alien targeted apps such as Twitter, Facebook, WhatsApp, Gmail, Snapchat and Telegram. Apart from those, the new malware appears to target banking apps and to present phishing pages for social, instant messaging and even cryptocurrency apps.

Alien is not actually a new piece of code; it is based on the source code of a rival malware gang named Cerberus, security researchers revealed. And while Cerberus met its undoing because Google's security team discovered a way to detect and clean infected devices, Alien does not seem to share the same problem. The new malware is more advanced and far more dangerous than Cerberus, according to security researchers.

Alien has an impressive array of features, including the ability to overlay content on top of other apps (a feature used for phishing login credentials), log keyboard input and provide remote access to a device after installing a TeamViewer instance. It can also harvest, send, or forward SMS messages, steal contact lists, collect device details and app lists, collect geo-location data, make USSD requests and a lot more.

Security researchers claim that most of these features were used for fraud-related operations, with attackers targeting online accounts in search of money. Additionally, Alien was found to support fake login pages for 226 other Android applications. The majority of these fake login pages were focused on intercepting credentials for e-banking apps.

Most of the banking apps targeted by Alien attackers belonged to financial institutions based in Turkey, Spain, Germany, the U.S., Poland, France, Australia, the U.K., and Italy. The security researchers did not divulge details on how Alien gets onto users' devices because this depends on how Alien MaaS customers choose to distribute it.

Most malware threats operate by targeting non-technical users. Because there are many non-technical users, Android malware is a lucrative business on various hacking forums. To avoid falling prey to this kind of scheme, it is important that users avoid installing apps from shady sites.