A new strain of malware is on the loose, containing the ability to steal login credentials from hundreds of legitimate apps, a security firm warns…
Another week, another warning from cybersecurity experts about a new strain of mobile malware. This time, the malicious code is able to steal victims’ login information. And, it currently affects approximately 226 different Android apps, according to ThreatFabric, which recently released a report detailing the scam. What’s more, it’s been active since the beginning of this year.
Password-Stealing Alien Malware Affecting Hundreds of Android Apps
The new malware, named Alien, can be purchased as a Malware-as-a-Service or MaaS, on hacker forms found on the dark web. It can infect Android-powered devices with code that’s based on source language from the Cerberus trojan, a program that was created by a rival malware gang. Cerberus was highly active last year before Google’s security team discovered a way to detect it and wipe it away from infected devices.
Alien malware is equipped with a number of nefarious capabilities. Among them are the abilities to harvest, send, and forward SMS messages, steal 2FA codes, and also steal users’ contact lists. Alien is deployed via phishing sites, fake mobile applications, and through SMS text messages.
“The Alien malware is a rented banking Trojan which offers more than the average capabilities of Android banking Trojans. It has common capabilities such as overlay attacks, control and steal SMS messages and harvest the contact list. It can leverage its keylogger for any use and therefore broaden the attack scope further than its target list. It also offers the possibility to install, start and remove applications from the infected device. Most importantly, it offers a notifications sniffer, allowing it to get the content of all notifications on the infected device, and a RAT (Remote Access Trojan) feature.”