Xenomorph Android Malware Targets Customers of 30 US Banks


The cybercriminals behind a sophisticated Android banking Trojan called Xenomorph, who have been actively targeting users in Europe for more than a year, recently set their sights on customers of more than two dozen US banks.

Among those in the threat actor's crosshairs are customers of major financial institutions such as Chase, Amex, Ally, Citi Mobile, Citizens Bank, Bank of America, and Discover Mobile. New samples of the malware analyzed by researchers at ThreatFabric showed that it also contains additional features targeting multiple crypto wallets including Bitcoin, Binance, and Coinbase.

In a report this week, the Netherlands-based cybersecurity vendor said thousands of Android users in the United States and Spain since just August have downloaded the malware on their systems.

"Xenomorph, after months of hiatus, is back, and this time with distribution campaigns targeting some regions that have been historically of interest for this family, like Spain or Canada, and adding a large list of targets from the United States," ThreatFabric said. Users of Android devices from Samsung and Xiaomi — which together hold around 50% of Android market share — appear to be targets of specific interest for the threat actor.
