Latin America. Xenomorph, a banking Trojan designed to attack Android devices that was first detected in February 2022, has increased its attack frequency in Mexico, now including banking service applications.
According to Víctor Ruiz, founder of SILIKN and Certified Cybersecurity Instructor, "Mexico is among the affected countries, so users are recommended to take measures such as being cautious with the applications they install from Google Play, as well as keeping the number of apps running on their phones to the minimum possible, and only installing apps from known and trusted vendors."
The expert's recommendations are given because this banking Trojan infiltrates Android devices via infected app downloads, or via phishing emails. Once installed, Xenomorph hides itself and starts collecting sensitive user information such as passwords and banking details.
Furthermore, "Xenomorph masquerades as an app called 'Fast Cleaner', which offers benefits such as speeding up the device by removing junk and enabling battery optimization." However, once installed, the malware starts collecting sensitive user information such as bank details and passwords.
In that sense, the attackers behind Xenomorph have expanded their target in Mexico to include users of banking applications, which increases the risk of financial fraud. “To date, Xenomorph has been found to impersonate the applications of more than 520 banking and financial institutions, including various cryptocurrency services.”
Specifically, this is malware designed for Android devices that has managed to infiltrate Google's official application store, Google Play, and has been downloaded and installed around 78,000 times to date, despite Google's efforts to detect and remove malicious apps from its store.
Víctor's admonition is to keep the number of apps running on the phone to a minimum, and to install apps only from known and trusted providers. The reason is that, due to its features, “Xenomorph can fully automate the entire fraud chain, from infection to theft of funds, making it one of the most advanced and dangerous Android malware Trojans today.”
The malware that has affected Latin America the most
Historically, one of the most prevalent banking malware families in Latin America has been Emotet, known to spread via phishing emails and to infect Windows, macOS and mobile devices.
The Latin American countries most affected by Emotet have been Brazil, Mexico and Colombia, according to information from security companies such as WeLiveSecurity, Kaspersky and Binary Defense, an organization that even published that this malware could attack from Wi-Fi networks.
It is important to note that the situation can change with time and the appearance of new malware, so it is crucial that users of digital devices in Latin America are aware of cyber threats and take preventive measures to protect their systems.