If you are an active user of banking apps on your Android smartphone, you must pay close attention to it.
Just when you think you’ve adhered to all necessary security protocols out there and thus you will be safe on the internet, a new threat pops out of nowhere!
Such is the case for the newest strain of Android malware that can do a lot of damage to your Android devices.
Active since the beginning of 2020, the new trojan called ‘Alien’ is getting popular as a MaaS aka Malware-as-a-Service in various underground hacking communities.
Cybersecurity researchers from ThreatFabric who closely analysed the sample of this malware reported that it is part of an entirely new generation of Android banking trojans which come equipped with remote access features thus making it extremely deadly.
As horrific as it sounds, if your Android device gets infected with Alien, then it can show you fake login screens, collect the passwords for your various apps and also let hackers get direct access to your device.
What makes this malware interesting is the fact that researchers have found it is not exactly built with new code. Instead, it uses the source code of a rival malware group known as Cerebrus.
Much like Alien, Cerberus in 2019 was being offered as MaaS before it finally died off this year. Its owner tried to sell both its codebase and customer base before eventually giving it for free.
According to ThreatFabric’s researchers, Cerebus ceased to exist because Google finally caught on, and their security team was able to find a way to both detect and clean all the infected devices. Now, to repeat the same old routine, Cerebus is back, albeit with enhancements and new name Alien.
Despite being based on the source code of Cerebus, currently, it’s being believed that this new trojan malware is a more dangerous security threat in its very own right.
It boasts of a massive list of capabilities including
- harvesting or sending SMS messages
- stealing contacts list, collecting device details
- collecting geolocation
- sniffing all the notifications being shown on the device
and much more.
ThreatFabric researchers, while analysing this malware strain, also found that it currently supports 226 fake login pages with most of them being aimed at net-banking apps.
This is terrifying as it highlights that Alien has been created as a specialised malware to target financial apps used by billions of Android users worldwide.
This Android malware is currently targeting banking app users in the countries – Spain, Turkey, Germany, the US, Italy, France, Poland, Australia, and the UK. However, developing markets, such as India, Africa, where the smartphone revolution has just begun and users are comparatively more vulnerable are also under the radar of the hackers using Alien malware.
How Does Alien Infect Android Devices?
There is not much detail available about how Alien can land on your devices. It is primarily because it is MaaS and thus, it depends upon how criminal groups choose to distribute it.
This is not the first time when Android users are threatened by the risk of malware designed and developed for the sole purpose of stealing information. BlackRock, WolfRAT and many other recently emerged malware are a great threat to Android users due to the absence of security updates.
Nonetheless, generally, some of the hotspots for these type of malware are phishing pages which try to trick people into downloading fake software. Therefore, to safeguard your device, you must remember to not download any software or apps from shady-looking websites or forums.
It is safe to expect that Google will soon catch up to this particular threat as well and eliminate the same. Until then sit tight and make sure you are helping spread awareness about such dangers among the non-technical users of Android devices out there. We will keep you updated on all future developments. Stay tuned.