Researchers at ThreatFabric have found the existence of an Android malware that affects over 226 Android apps. Dubbed “Alien”, the malware is reportedly a fork of the infamous Cerberus malware.
According to ThreatFabric researchers, the creator of Cerberus shared the source code of the malware in August after a failed attempt to sell it. Although Google’s Play Protect detected all samples of Cerberus, Alien malware was not affected since it was allegedly based on an older version of Cerberus. As a result, Alien malware is now taking the place of Cerberus.
Alien malware is packed with malicious features and comes with a slew of capabilities. Here is what the malware offers as of now, according to the findings of ThreatFabric:
Alien Malware Features
- Keylogging
- Remote access
- SMS harvesting
- SMS listing, forwarding, sending
- Device info collection
- Contact list collection
- Application listing
- Location collection
- Overlaying:
- Dynamic (Local injects obtained from C2)
- Targets list update
- Calls
- USSD request making
- Call forwarding
- Remote actions
- App installing, starting, removal
- Showing arbitrary web pages
- Screen-locking
- Notifications
- Push notifications
- C2 Resilience
- Auxiliary C2 list
- Self-protection:
- Hiding the App icon
- Preventing removal
- Emulation-detection
- Modular Architecture
Alien malware is primarily in use in countries such as Spain, Turkey, Germany, the United States of America, Italy, France, Poland, Australia, the United Kingdom, and India.
The malware is mainly targeted at banking apps. The researchers have found evidence that Alien malware affects over 226 apps. Some notable apps include Kotak – 811 & Mobile Banking, HDFC Bank MobileBanking, SBI Anywhere, and iMobile by ICICI Bank. You can take a look at all the affected apps in the company’s blog post.
As always, the easiest way you can stay safe from such malware attacks is to not install apps from unknown sources. As an extra measure, it is recommended to keep the option to install apps from external sources disabled in your phone’s settings.
