Xenomorph Android malware: Now stealing data from 400 banks

Home/Compromised, Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update/Xenomorph Android malware: Now stealing data from 400 banks

Xenomorph Android malware: Now stealing data from 400 banks

A new version of the Xenomorph Android malware has been released with increased malicious capabilities, such as the Automatic Transfer System framework and the ability to steal credentials from 400 banks. Now equipped with these powerful tools, it can carry out even more damaging attacks on unsuspecting victims.

Xenomorph Android malware

The main product of this group is Xenomorph, a Android banking trojan discovered by ThreatFabric in February 2022. This malware family has been a work in progress for the entirety of 2022, and despite being distributed in small campaigns, it never truly reached the volume of other malware families on the threat landscape, such as Octo or more recently Hook.

Xenomorph v3 is much more capable than previous versions, capable of automatically stealing data including credentials, account balances, performing bank transactions and finalizing fund transfers.

According to ThreatFabric, Hadoken plans to distribute Xenomorph through a MaaS (malware as a service) platform. The recently created website promoting the latest version of this malware further strengthens this hypothesis.

The recent release of Xenomorph focuses on 400 financial institutions worldwide, in countries such as the United States, Turkey, Poland, Australia, Canada, Italy, the Portugal, France, Germany, the United Arab Emirates and India.

Some examples of targeted institutions include Chase, Citibank, American Express, ING, HSBC, Deutsche Bank, Wells Fargo, Amex, Citi, BNP, UniCredit, National Bank of Canada, BBVA, Santander and Caixa.

The latest version of Xenomorph introduces a powerful ATS framework, which allows hackers to quickly and easily extract credentials, check account balances, execute transactions and steal money from target apps – all without taking any remote action.


If you download apps from Google Play, it’s important to be careful with Zombinder: read reviews and research the publisher before hitting the install button. This way you can ensure that your security remains intact throughout the process.

It is highly recommended that you install and keep only a minimum number of applications on your phone, preferably those from trusted sources.



Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!