According to reports, researchers have discovered a new strain of Android-specific malware that comes with an array of features that allow it to steal credentials from 226 different applications. Known as Alien, the new trojan was first observed in early 2020 and is being offered as Malware-as-a-Service (MaaS) on underground hacking forums.
Researchers from ThreatFabric say that Alien is not truly a new malware but is actually based on another malware known as Cerberus. The use of Cerberus fizzled in 2020, and its owner tried to sell its codebase and customer base, before eventually distributing that information for free.
ThreatFabric also said that Cerberus died out because Google’s security team discovered a way to restore infected devices. Although Alien may be based on Cerberus, the Google fix used for Cerberus doesn’t seem to work on Alien.
Alien Can Steal 2-Factor Authentication Codes and Phish Apps
According to ThreatFabric, Alien is also an Android banking trojan that has integrated remote-access features. Alien can display phony login screens and steal passwords for various apps and services. Reports also state that Alien can: overlay content on top of other apps; log keyboard input; provide remote access to a device after installing a TeamViewer instance; harvest, send, or forward SMS messages; steal your contact list; collect geo-location data; forward calls; install and start other apps; lock the screen in a ransomware-like manner; and steal 2-factor authentication codes generated by authenticator apps.
Researchers have also said that Alien had fake login pages for 226 Android applications, with most of these fake login pages aimed at intercepting login credentials for e-banking apps. The banking apps targeted by Alien belong mostly to financial institutions based in Spain, Turkey, Germany, the US, Italy, France, Poland, Australia, and the UK.
How Can I Detect an “Alien Invasion”?
One thing that can tip off potential victims of Alien is that many of these Alien-tainted apps require users to grant access to admin rights or the Accessibility service. You should follow safe browsing practices and protect yourself from Alien malware by avoiding any apps offered on shady and questionable websites that request access to these highly sensitive permissions.
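The indicator described above can be checked on a device you own. The following is an added example, not code from ThreatFabric or the original article: it cross-references the enabled Accessibility services with each third-party app's install source, taken from the output of two standard `adb` commands. The package names, the sample outputs, and the choice of Google Play as the only trusted installer are assumptions made for illustration.

```python
# Inputs are the text output of two adb commands run against your own device:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i      (third-party apps plus installer)

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

def parse_a11y(setting):
    """Return {package: [service class, ...]} from the colon-separated setting."""
    services = {}
    setting = setting.strip()
    if not setting or setting == "null":      # "null" means nothing is enabled
        return services
    for component in setting.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def parse_installers(pm_output):
    """Return {package: installer}; sideloaded apps usually report 'null'."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("package:"):
            inst = [f[10:] for f in fields[1:] if f.startswith("installer=")]
            installers[fields[0][8:]] = inst[0] if inst else "null"
    return installers

def suspicious_a11y_apps(setting, pm_output, trusted=TRUSTED_INSTALLERS):
    """Third-party apps that hold an enabled Accessibility service but were
    not installed by a trusted store. System apps are absent from -3 output."""
    a11y, installers = parse_a11y(setting), parse_installers(pm_output)
    return [(pkg, installers[pkg], a11y[pkg]) for pkg in sorted(a11y)
            if pkg in installers and installers[pkg] not in trusted]

# Constructed sample data (hypothetical package names, not real indicators).
SAMPLE_A11Y = ":".join([
    "com.google.android.marvin.talkback/.TalkBackService",
    "com.example.flashupdate/com.example.flashupdate.CoreService",
    "com.example.notes/.AssistService"])
SAMPLE_PM = """package:com.example.flashupdate  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.game  installer=null"""

if __name__ == "__main__":
    for pkg, installer, classes in suspicious_a11y_apps(SAMPLE_A11Y, SAMPLE_PM):
        print(f"review: {pkg} (installer={installer}) services={classes}")
```

A hit is a prompt to review the app, not proof of infection; legitimately sideloaded accessibility tools will also appear.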
If you are still having trouble, consider contacting a remote technical support service.