This dangerous Android malware is stealing from 100 banking apps — protect yourself now

Anthony Spadafora
·3-min read
Green skull on smartphone screen.
Green skull on smartphone screen.

The notorious Xenomorph Android malware has once again resurfaced and this time, it’s been upgraded with new capabilities that allow it to target over 100 different banking and crypto apps.

As reported by BleepingComputer, this banking trojan was first discovered by security researchers at ThreatFabric back in February 2022. Since then, we’ve seen a number of updates to Xenomorph, including one that made the malware modular and more flexible. However, it was also distributed using a dropper called BugDrop that let it bypass security features in Android 13.

Now though, an upgraded version of Xenomorph is being used in a new campaign that targets Android users in the U.S., Canada, Spain, Italy, Portugal and Belgium. This time around, a new “mimic” feature lets the malware act as another app on the best Android smartphones and a “ClickOnPoint” feature allows the cybercriminals behind it to simulate taps at specific places on your phone’s screen.

Since Xenomorph uses overlays to steal your credentials from banking and crypto apps to drain your accounts, this Android malware strain is particularly dangerous and one you want to avoid falling victim to at all costs.

Chrome updates as a lure

According to ThreatFabric, the cybercriminals behind this new campaign have decided to use phishing sites to infect unsuspecting Android users with the Xenomorph malware.

These phishing sites inform potential victims that the version of Chrome they’re using is obsolete and needs to be updated immediately. There’s a button at the bottom of the page that says “Upgrade Chrome” but instead of downloading a new version of Google’s browser, it leads to a malicious APK file. This APK file actually contains the Xenomorph malware which they’ve just unwittingly installed on their smartphone.

As with past versions of this banking trojan, it continues to use overlays to steal user credentials from banking and crypto apps. Here are just some of the banking and crypto apps it targets ( with the full list available on TheatFabric’s blog post):

  • Chase

  • Citi

  • Bank of America

  • Capital One

  • PNC

  • Santander

  • TD Bank

  • Wells Fargo

  • Coinbase

  • Binance

  • MetaMask

It’s worth noting that the overlays that come preloaded with the Xenomorph malware are different depending on where a victim is physically located.

How to stay safe from Android malware

A hand holding a phone securely logging in
A hand holding a phone securely logging in

Regarding this new Xenomorph campaign, victims could have avoided having their devices infected with this malware if they hadn’t fallen for the Chrome update lure. As most Android users know, app updates come directly from the Google Play Store and never need to be downloaded from a website nor installed as a separate APK file.

Likewise, to avoid falling victim to Android malware, you shouldn’t sideload apps and should instead only install new apps from official Android app stores like Google Play, the Amazon Appstore or the Samsung Galaxy Store. Sideloaded apps don’t go through the same rigorous security checks that apps uploaded to official app stores do.

For additional protection, you should also consider installing one of the best Android antivirus apps on your smartphone. While Google Play Protect can scan your new and existing apps for malware, it just doesn’t offer the same features that paid Android antivirus apps do.

The Xenomorph malware is still relatively new but we’ve already seen multiple updates and new versions released. As such, cybercriminals and hackers will likely continue to use this malware strain in their attacks and potentially add even more overlays for popular banking and crypto apps to it.

More from Tom's Guide

  • Up next
  • Up next
  • Up next
  • Up next

Latest stories

  • Conservatives Routed in Worst Election Result for 200 Years

    LONDON—The Conservatives, the world’s winningest political party, were booted out of power in dramatic style on Thursday after 14 years of chaotic and divisive rule.The Labour Party had secured a landslide victory, ending an era of Conservative rule over Britain that stretches back to 2010; the year that the iPad and Instagram were launched and Lady Gaga wore that meat dress to the MTV music awards.In that time, the Conservatives have cycled through five leaders, each of them dragging the party

  • Horrifying moment husband wheels suitcase containing murdered wife from home while carrying child

    A husband who strangled his wife in front of her two children and lover on a video call was captured wheeling the suitcase containing her body out of his home.

  • The world must prepare for President Michelle Obama

    The 2024 US Presidential race intensifies. Speculation abounds over potential replacements for President Joe Biden amid increasing pressure from his party and the media to step aside after a jaw-dropping, catastrophic debate against Donald Trump last week. Among the names circulating, a game-changer is emerging: Michelle Obama. Could this be America’s worst nightmare?

  • When Ms ‘Malaysia’ visits Malaysia: American tourist gets warm welcome from locals awed by unique name (VIDEO)

    KUALA LUMPUR, July 5 — An American tourist decided to visit Malaysia for a special reason: Malaysia also happens to be h...

  • Embattled Biden makes latest gaffe saying he’s the ‘first Black woman to serve with a Black president’

    President’s July 4 blunder comes as he desperately tries to claw back confidence among voters and party members after last week’s debate flop

  • Joyce Chen confirms she has become a mother

    The TVB actress shares photos of her and her daughter, not revealing partner's identity

  • As AG stays silent, Rosmah presses on with bid to strike out money laundering and tax evasion charges

    KUALA LUMPUR, July 4 — Datin Seri Rosmah Mansor's money laundering and tax evasion trial proceeded today despite the lac...

  • Voices: Tory downfall: The 9 reasons it has all gone wrong for Rishi Sunak

    A series of world events, poor decisions and fatal gaffes conspired to see Rishi Sunak lead the Tories to the worst electoral defeat in his party’s 346-year history

  • Putrajaya submits diplomatic protest note to UN rejecting Manila’s bid to reclaim Sabah after Paris court rule

    Malaysia submits diplomatic note to UN Secretary-General António Guterres rejecting the Philippines’ claim to Sabah r...

  • The Head of NASA Is Being Awfully Catty About China's Amazing New Moon Samples

    China recently became the first country to ever return samples taken from the far side of the Moon, a historic mission that could have profound implications on our understanding of its evolution and ability to host human life. But thanks to a law called the Wolf Amendment, which was enacted by the US government in […]

  • Opinion: What Britain’s first Asian prime minister meant to my family

    The defeat of the Conservative Party in the UK election ends Rishi Sunak’s two-year premiership. Does it also sour the story of Britain’s first Asian prime minister, asks Sunder Katwala.

  • Beijing is laughing at the West’s weakness

    Russian aggression in Ukraine poses a threat to world peace and stability. China provides material support for Russia’s actions. All this is entirely clear. In Beijing, immediately after a meeting with Xi Jinping in April this year, US Secretary of State Antony Blinken said that “Russia would struggle to sustain its assault on Ukraine without China’s support”. This included selling huge quantities of machine tools and micro-electronics that would be used in the Russian defence industry.

  • How Obama mentored the new UK prime minister to help him tell his story

    The leader of the Labour Party, Keir Starmer, has been mentored by Barack Obama. The relationship is likely to continue if Starmer wins the UK election.

  • Victoria Starmer: Britain's 'reluctant' new first lady

    Sir Keir Starmer’s wife of 17 years has been largely absent from the campaign trial and isn’t at all keen on moving into No10. From her political roots to their unlikely meeting, Katie Strick charts the life of the PM’s fiercely private other half

  • Canadian Police Seek Suspects in Pants-on-Fire Arson

    One of two suspects in an arson in Richmond, British Columbia, set himself on fire and “despite efforts of both the suspects, [his] pants continued to burn,” according to Royal Canadian Mounted Police (RCMP).The RCMP released footage of the incident, which they said occurred in the early hours of April 24.“At approximately 4:30 am Richmond RCMP attended for an alarm at a business located in the 2600 block of Simpson Road,” police said.“Frontline officers located a broken window and small fire directly in front of it. Evidence was also located which indicated the fire had been intentionally set.“A subsequent review of video surveillance from the area determined that two unidentified men wearing masks had approached the business on foot prior to allegedly smashing the window and then lighting an object on fire. While lighting it, one of the suspect

  • ‘I’ve lost my job and my house, but my wife and I are worth £650m – how can we pay less tax?’

    Rishi Sunak, 44, finds himself in a bind. After a highly successful career in the City of London, followed by a brief but eventful spell in politics, he has suffered a serious demotion and been evicted from his home.

  • Zelensky U-turns as he invites Russia to attend peace summit without giving up land

    Volodymyr Zelensky has invited Russia to the next peace summit despite previously saying it could only join if it relinquished land in Ukraine.

  • Michelle and Barack Obama Celebrate Daughter Malia's Birthday with Sweet Throwback Photos: 'Still Willing to Hold Your Dad’s Hand'

    "You deserve the world and more," Michelle wrote to her daughter on Instagram

  • Van Jones Reveals ‘Behind The Scenes’ Moves That Could End Biden Campaign

    The CNN commentator detailed the “big conversation” taking place right now among Democratic insiders.

  • Lebanon's Hezbollah rains 200 rockets on Israel as Gaza war rages

    Lebanon's Hezbollah launched more than 200 rockets and drones at Israeli army positions on Thursday, escalating tensions between the two adversaries amid the Israel-Hamas war in Gaza.After months of deadlocked Gaza ceasefire efforts, Israeli Prime Minister Benjamin Netanyahu said he agreed to send a delegation for talks aimed at securing the release of hostages seized in Hamas's October 7 attack that sparked the war.The announcement, which came a day after Hamas said it had "ideas" on halting the nearly nine-month conflict, followed a phone call between Netanyahu and US President Joe Biden."The leaders discussed the recent response received from Hamas" and "the President welcomed the Prime Minister's decision to authorise his negotiators to engage with US, Qatari and Egyptian mediators in an effort to close out the deal," the White House said.Israel launched a military offensive against Hamas in the Gaza Strip on October 7, in response to an unprecedented attack by the Palestinian Islamist militant group on its territory.The next day Hezbollah, in support of its ally Hamas, opened a front on Israel's northern border with Lebanon, and the two sides have since exchanged near-daily cross-border fire.Hezbollah said it fired more than 200 rockets and "explosive drones" at army positions in northern Israel and the Israeli-annexed Golan Heights in retaliation for an Israeli strike that killed one of the Iran-backed group's commanders.Air raid sirens blared across northern Israel in the morning, and an AFP correspondent witnessed rockets crossing the frontier that were mostly intercepted by Israeli air defences but sparked wildfires.A military source said later a soldier was killed by a rocket fired into northern Israel.- Fighting in Gaza City -The Gaza war broke out after Hamas's October 7 attack on southern Israel resulted in the deaths of 1,195 people, mostly civilians, according to an AFP tally based on Israeli figures.The militants also seized 251 hostages, 116 of whom remain in Gaza including 42 the army says are dead.In response, Netanyahu vowed to "crush" Hamas and Israel's military launched an offensive that has killed at least 38,011 people in Gaza, also mostly civilians, according to figures from the Hamas-run territory's health ministry.Gaza's civil defence agency said seven people were killed Thursday in Israeli strikes, including five in a school in Gaza City, in the north of the besieged territory.Fighting raged in the city's Shujaiya neighbourhood and in Rafah, on the southern border with Egypt, where an Israeli evacuation order raised fears of a major new offensive.Since the order was issued on Monday, tens of thousands of Palestinians have fled eastern areas of Rafah and nearby Khan Yunis.The United Nations says 1.9 million people are thought to be displaced in Gaza, and that around nine in every 10 people in the territory have been uprooted at least once since the war broke out."Behind these numbers, there are people... that have fears and grievances. And they had probably dreams and hopes; the less and less, I fear today, unfortunately," said Andrea De Domenico, head of the UN humanitarian office in the Palestinian territories."People who in the last nine months have been moved around like pawns in a board game."- Evacuation order -The United Nations says up to 250,000 people were affected by Israel's order to evacuate 117 square kilometres (45 square miles) -- equivalent to one-third of Gaza's territory.The Israel-Hezbollah border clashes have killed at least 496 people in Lebanon, most of them fighters but also including 95 civilians, according to an AFP tally.Israeli authorities say at least 16 soldiers and 11 civilians have been killed on their side of the UN-patrolled border.The Gaza war at the heart of the violence has meanwhile raged on, with gun battles, air strikes and shelling rocking Gaza City for an eight straight day.Israeli troops "destroyed tunnel routes in the area and eliminated dozens of terrorists in close-quarters combat with tank fire, and in aerial strikes," the military said.- 'Maelstrom of human misery' -Israel has faced an international outcry over the soaring civilian death toll, punishing siege and mass destruction in Gaza.The UN humanitarian coordinator for Gaza, Sigrid Kaag, this week called for an end to the "maelstrom of human misery".Netanyahu has insisted Israel will destroy Hamas and bring home the remaining hostages.Biden, under growing domestic pressure over Washington's support for Israel, in late May outlined a roadmap for a six-week truce and exchange of hostages for Palestinian prisoners.There has been little progress since, but Hamas said Wednesday it was communicating with officials in Qatar and Egypt as well as Turkey with an eye to ending the conflict.Hamas said its Qatar-based political chief Ismail Haniyeh had "made contact with the mediator brothers in Qatar and Egypt about the ideas that the movement is discussing with them with the aim of reaching an agreement".Netanyahu's office said Wednesday that "Israel is evaluating the (Hamas) remarks and will convey its reply to the mediators".The main stumbling block so far has been Hamas's demand for a permanent end to the fighting, which Netanyahu and his far-right coalition partners strongly reject.burs-dv/kir