ThreatFabric recently analyzed Xenomorph Android banking samples that display an expanded target list, including North American users. Threat researchers first discovered Xenomorph in February 2022.

The banking trojan is capable of mimicking legitimate websites to steal login credentials and personal information. The malware can also intercept notifications and bypass two-factor authentication. Threat actors used the trojan to target banking applications in Belgium, Italy, Portugal, and Spain last year, as well as some cryptocurrency wallets and email applications. The newly updated malware has overlays for more than 30 financial applications used in the US. ThreatFabric noted that the malware's improved mimicking capabilities allow Xenomorph to pose as other applications to avoid triggering behavior detection.
