June 20, 2024

20220317 Malware Android

Android malware steals passwords – here’s how to protect yourself

Security experts warn of a new banking Trojan bearing the name xenomorph. It hides in the Google Play Store and accesses the smartphones of its victims by downloading apps. His goal is to steal bank data. xenomorph It’s not the only malware that has made the Play Store unsafe recently. Find out more about threats and how you can protect yourself from them, for example through preventive measures or password management.

xenomorph Threatening thousands of users

Trojan horse found in Fast Cleaner app. Fast Cleaner promises to improve smartphone performance by removing unwanted data from the app. However, when you install it, you are downloading dangerous malware on your cell phone.

xenomorph uses screen overlays (“overlays”) to trick the user into entering usernames and passwords; It also collects information about infected devices and reads users’ text messages.

This feature allows malware to intercept the login credentials of bank accounts and webmail accounts. It can also capture temporary codes that you use with two-factor authentication and other notifications sent to your phone via text messages.

Experts consider the code of xenomorph He took a closer look and found that the Trojan can generate very convincing fake screens that are similar to nearly 60 different banking apps in Belgium, Italy, Portugal and Spain. He also managed to spoof login screens for Gmail, Google Play, Hotmail, Mail.com, Microsoft Outlook, PayPal and Yahoo Mail.

thibot Hides in the QR code scanner

Another well-known banking Trojan is thibot. It recently returned to Google Play after Google previously removed it from the Store.

See also  Amazon is planning a giant chain of video game series "Mass Effect" and wants to pull all the stations - News 2021

It hid in an app called QR Code & Barcode Scanner, of which there are many similar names and functions. The app has already been downloaded more than 10,000 times and has received numerous user reviews, with half of them giving the app five stars. However, the app has since disappeared.

The app was able to bypass Google Play’s verification mechanisms because it temporarily remained harmless after installation. However, it asks the user for permission to install an add-on. This includes downloading software from an unknown source – and downloading a Trojan horse thibot.

Once installed, the malicious add-on misuses the settings to Accessibility for Android (intended for blind or deaf users) to control the phone’s screen, interact with other apps, and intercept text messages.

This means that thibot how xenomorph Not only can the login credentials of bank accounts, webmail, social media, and other sensitive accounts be intercepted. It is also capable of stealing sent or generated two-factor authentication codes designed to prevent cybercriminals from logging in with stolen passwords.

This is how you identify malware and protect yourself from it

Get to know the app in advance

First of all, you should of course make sure that malware does not get to your smartphone in the first place. Avoid downloading apps from unknown providers.

Although Google verifies apps before adding them, fake apps continue to enter the Store (see above). Just last year, security experts reported 151 malicious apps with just over ten million downloads. And this is just one case exposed in many cases.

See also  This is what the "prototypes" of the next generation of Apple smartphones could look like

If you still want to download an unknown app, check reviews to see what apps the manufacturer still offers, and download numbers. Type the name of the application into the search engine; You may already receive notifications here that indicate a malicious app.

If you are unsure, do not download the apps.

Use a password manager

As you have seen, once it was installed on users’ smartphones, it was easy for a Trojan to steal login credentials. With Password manager You can prevent cybercriminals from using your stolen password for your other accounts.

Password Manager helps you create complex and unique passwords, store and manage them in a virtual vault. Even if a hacker steals the credentials from one of your accounts, they cannot use them on other accounts.

Virus Scanner Yes or No?

If you only use the Play Store, you don’t necessarily need an additional antivirus. because with google play for protection Does the Play Store already have a good built-in virus scanner (for example, a . file? Discover the Trojan state of Lipizan).

However, if you download apps from unknown sources, there is no harm in looking for one of them Reputable Virus Scanner Alternative With additional security features.


To protect yourself from malware and trojans, you need to be careful where you get your apps from. Still the safest source is the Play Store with Google Play Protect. Moreover, take a closer look at the permissions required by the app. If the app requires too many permissions, you’d better look for an alternative. You should also install updates for your system and apps regularly, activate all security functions (encryption, PIN, etc.) and protect your passwords with a password manager. Regular backups are also essential.

See also  Is your iPhone still getting the update or is it too old?