A new variant of the Xenomorph Android banking Trojan was discovered by ThreatFabric security researchers and classified as Xenomorph.C.
According to the advisory the company released today, the variant, developed by the threat actor tracked as Hadoken Security Group, represents a significant upgrade over the Xenomorph builds ThreatFabric had previously observed.
“This new version of the malware adds many new features to the already feature-rich Android Banker, introducing a broad runtime engine [and Automated Transfer Systems (ATS)] frameworks,” reads the technical write-up.
Thanks to its new capabilities, Xenomorph.C can now perform functions such as launching specified applications, displaying push notifications, stealing cookies, and forwarding calls.
“Xenomorph v3 is capable of running the entire fraud chain, from infection using Zombinder, through automated forwarding using ATS, to PII extraction using keylogging and overlay attacks,” wrote ThreatFabric.
“Additionally, the samples identified by ThreatFabric featured a configuration with a target list of over 400 banks and financial institutions, including several cryptocurrency wallets.”
This number represents a 6x increase in targets compared to previous variants.
According to ThreatFabric, Xenomorph.C’s growing popularity may also be related to the Hadoken Security Group’s launch of a website promoting it.
“[The] website dedicated to advertising this Android Banker [indicates a] clear intent to enter the MaaS [Malware-as-a-Service] landscape and [begin] large-scale distribution,” reads the advisory.
“This functionality is typical of more sophisticated malware families such as Gustuff and SharkBot, which have caused damage worth thousands of euros to targeted institutions,” ThreatFabric explains.
The team also confirmed that Xenomorph.C is distributed via third-party hosting services, primarily the Discord Content Delivery Network (CDN).
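The only distribution detail the advisory gives is that Xenomorph.C samples are hosted on the Discord CDN, which is something a defender can look for in outbound proxy logs. The following is an added example, not code from ThreatFabric or from the malware's authors: it flags successful Android package downloads from Discord's attachment hosts. The log format (tab-separated timestamp, client IP, URL, status, Content-Type, User-Agent) and all log lines are constructed for the example; the hostnames `cdn.discordapp.com` and `media.discordapp.net` are the real Discord attachment hosts, but the article itself only says "Discord CDN".

```python
"""Flag APK downloads from the Discord CDN in (constructed) proxy logs.

Added example for this article; not ThreatFabric's tooling. Assumes a
tab-separated proxy log with the fields:
    timestamp, client_ip, url, http_status, content_type, user_agent
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlparse

# Real Discord attachment hosts (the article only says "Discord CDN").
DISCORD_CDN_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}
# MIME type a server uses when it labels an Android package honestly.
APK_MIME = "application/vnd.android.package-archive"

# Constructed sample log; IPs, dates and file names are made up.
SAMPLE_LOG = [
    "\t".join(f)
    for f in [
        ("2023-03-10T09:12:01Z", "10.0.0.12",
         "https://cdn.discordapp.com/attachments/111/222/holiday.png",
         "200", "image/png", "Mozilla/5.0 (Windows NT 10.0)"),
        ("2023-03-10T09:13:44Z", "10.0.0.25",
         "https://cdn.discordapp.com/attachments/111/333/update.apk",
         "200", APK_MIME, "Mozilla/5.0 (Linux; Android 13; Pixel 6)"),
        ("2023-03-10T09:14:02Z", "10.0.0.25",
         "https://play.googleapis.com/download/by-token/download?token=x",
         "200", APK_MIME, "Mozilla/5.0 (Linux; Android 13)"),
        ("2023-03-10T09:15:30Z", "10.0.0.31",
         "https://media.discordapp.net/attachments/444/555/app.apk?ex=abc&is=def",
         "200", "application/octet-stream", "Mozilla/5.0 (Windows NT 10.0)"),
        ("2023-03-10T09:16:11Z", "10.0.0.40",
         "https://cdn.discordapp.com/attachments/666/777/blocked.apk",
         "403", "text/html", "Mozilla/5.0 (Linux; Android 12)"),
    ]
]


@dataclass
class ProxyRecord:
    ts: str
    client: str
    url: str
    status: int
    content_type: str
    user_agent: str


def parse_line(line: str) -> ProxyRecord:
    """Split one tab-separated log line; normalise the Content-Type."""
    ts, client, url, status, ctype, ua = line.rstrip("\n").split("\t")
    # Drop parameters such as "; charset=..." and compare case-insensitively.
    ctype = ctype.split(";")[0].strip().lower()
    return ProxyRecord(ts, client, url, int(status), ctype, ua)


def is_discord_apk_download(rec: ProxyRecord) -> bool:
    """True for a completed (HTTP 200) APK fetch from a Discord attachment host.

    The APK is recognised either by the path suffix (query string ignored)
    or by the declared MIME type, so an octet-stream label does not hide it.
    """
    u = urlparse(rec.url)
    if u.hostname not in DISCORD_CDN_HOSTS:
        return False
    if rec.status != 200:
        return False
    return u.path.lower().endswith(".apk") or rec.content_type == APK_MIME


def scan(lines: list[str]) -> list[dict]:
    """Return one finding per suspicious line, noting Android user agents."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if is_discord_apk_download(rec):
            hits.append({
                "ts": rec.ts,
                "client": rec.client,
                "url": rec.url,
                "android_ua": "android" in rec.user_agent.lower(),
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['url']} (android_ua={hit['android_ua']})")
```

Run against the constructed log, the scan flags the two completed APK fetches from Discord hosts (one served with the honest APK MIME type, one as `application/octet-stream` with the `.apk` name surviving in the path) and ignores the image, the blocked 403 attempt and the Play Store download. The host list is deliberately narrow because the article only supports Discord CDN hosting; widening it to other file-sharing services is an analyst's call, not something the advisory states.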
“ThreatFabric expects to see an increase in Xenomorph volumes [once] it is again distributed via a Google Play Store dropper,” the company warned.
The malware was also mentioned in a Flashpoint report on the financial threat landscape in 2022, which listed it among the most popular Trojans of that year.