The cybercriminals behind a sophisticated Android banking Trojan called Xenomorph, who have been actively targeting users in Europe for more than a year, recently set their sights on customers of more than two dozen US banks.
Among those in the threat actor's crosshairs are customers of major financial institutions such as Chase, Amex, Ally, Citi Mobile, Citizens Bank, Bank of America, and Discover Mobile. New samples of the malware analyzed by researchers at ThreatFabric showed that it also contains additional features targeting multiple crypto wallets including Bitcoin, Binance, and Coinbase.
In a report this week, the Netherlands-based cybersecurity vendor said that thousands of Android users in the United States and Spain have downloaded the malware on their systems since just August.
"Xenomorph, after months of hiatus, is back, and this time with distribution campaigns targeting some regions that have been historically of interest for this family, like Spain or Canada, and adding a large list of targets from the United States," ThreatFabric said.
Users of Android devices from Samsung and Xiaomi — which together hold around 50% of Android market share — appear to be targets of specific interest for the threat actor.