226 apps may face danger from Alien malware, a new strain of Android malware
By MYBRANDBOOK
Security researchers have discovered and analyzed a new strain of Android malware that comes with a wide array of features allowing it to steal credentials from 226 applications.
Alien, a new Trojan, has been active since the start of the year and has been offered as Malware-as-a-Service (MaaS) on underground hacking forums.
In a report shared this week, security researchers from ThreatFabric, an omnichannel solution to data malware etc., dug deep into forum posts and Alien samples to understand the malware's evolution, tricks, and features.
According to researchers, Alien is not truly a new piece of code but was actually based on the source code of a rival malware gang named Cerberus.
Cerberus, while an active MaaS last year, fizzled out this year, with its owner trying to sell its codebase and customer base, before eventually leaking it for free.
Digital solution portal ThreatFabric says Cerberus died out because Google's security team found a way to detect and clean infected devices. But even though Alien was based on an older Cerberus version, it doesn't seem to have this problem, and its MaaS stepped in to fill the void left by Cerberus' demise.
And researchers say that Alien is even more advanced than Cerberus, a reputable and dangerous trojan in its own right. ThreatFabric says Alien is part of a new generation of Android banking trojans that have also integrated remote-access features into their codebases.
This makes Alien a dangerous concoction to get infected with. Not only can Alien show fake login screens and collect passwords for various apps and services, but it can also grant the hackers access to devices to use said credentials or even perform other actions.
That's quite an impressive array of features. ThreatFabric says these are mostly used for fraud-related operations, as most Android trojans tend to be these days, with the hackers targeting online accounts, searching for money.
During their analysis, researchers said they found that Alien had support for showing fake login pages for 226 other Android applications.
However, Alien targeted other apps as well, such as email, social, instant messaging, and cryptocurrency apps (i.e., Gmail, Facebook, Telegram, Twitter, Snapchat, WhatsApp, etc.).
Most of the banking apps targeted by Alien developers were for financial institutions based mostly in Spain, Turkey, Germany, the US, Italy, France, Poland, Australia, and the UK.
ThreatFabric didn't include details about how Alien makes its way onto users' devices, primarily because this varies based on how the Alien MaaS customers (other criminal groups) chose to distribute it.
"A lot of it seems distributed via phishing sites, for example malicious page tricking the victims into downloading fake software updates or fake Corona apps (still a common trick at the moment)," Gaetan van Diemen, a malware analyst at ThreatFabric, said.
"Another method observed to be used is the SMS, once they infect a device they collect the contact list which they then reuse for further spreading of their malware campaign," he added.
Some malicious apps make it on the Play Store, once in a while, but most of the time, they're distributed through other channels, van Diemen said.
All of these shady Alien-tainted apps can easily be spotted, as they often require users to grant them access to an admin user or to the Accessibility service.
As self-evident as the advice "don't install apps from shady sites and grant them admin rights" might sound, not all Android users are technical enough to understand it, and many users will download and install apps from any location, and then just click through all the prompts during installation.
This is how malware operates in general, targeting non-technical users, and not the "experts." And there are many of these non-technical users around, hence why Android malware is big business these days on hacking forums.
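The indicators named above (an app that asks for admin or Accessibility access, was not installed from the Play Store, and can read contacts and send SMS) can be checked mechanically during app triage. The following is an added example, not code from ThreatFabric or from the original article; the sample manifest, the function names and the finding labels are constructed for illustration, and the installer value is assumed to be supplied by the caller from the device's package manager.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Components guarded by these permissions are accessibility services / device admins.
GUARDS = (("service", "android.permission.BIND_ACCESSIBILITY_SERVICE", "accessibility-service"),
          ("receiver", "android.permission.BIND_DEVICE_ADMIN", "device-admin"))
# Contact harvesting plus SMS sending matches the SMS spreading the article describes.
SMS_SPREAD = {"android.permission.READ_CONTACTS", "android.permission.SEND_SMS"}
PLAY_INSTALLER = "com.android.vending"  # installer package name of Google Play

# Constructed sample manifest (not taken from a real Alien sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".UpdateService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

def triage(manifest_xml, installer=None):
    """Return the list of indicators found in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for tag, perm, label in GUARDS:
        for comp in root.iter(tag):
            if comp.get(NS + "permission") == perm:
                findings.append(f"{label}:{comp.get(NS + 'name')}")
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    if SMS_SPREAD <= requested:
        findings.append("contacts+sms")
    if installer != PLAY_INSTALLER:
        findings.append("not-from-play")
    return findings

def needs_review(findings):
    """Privileged component on an app that did not come from Google Play."""
    privileged = any(f.startswith(("accessibility-service:", "device-admin:")) for f in findings)
    return privileged and "not-from-play" in findings

if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST)
    print(result, "REVIEW" if needs_review(result) else "ok")
```

Legitimate apps such as screen readers also declare accessibility services, so a hit is a reason to look closer at the app, not a verdict.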