The team further noted that the malware also steals victims’ banking credentials by overlaying fake login pages on top of legitimate ones.
“Considering that it can also intercept messages and notifications, it allows its operators to bypass SMS-based two-factor authentication and log into the victims’ accounts without alerting them.
“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, nine from Belgium, and seven from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services. The Fast Cleaner app has now been removed from the Play Store but not before it garnered 50,000+ downloads,” the CSIRT security advisory said.
NCC therefore advised telecom consumers to be on alert in order not to fall victim to this manipulation. It also urged telecom consumers and other Internet users, particularly those using Android-powered devices to use trusted Antivirus solutions and update them regularly to their latest definitions.
Also, the Commission implored consumers and other stakeholders to always update banking applications to their most recent versions. (Daily Trust)