Alien malware a rising threat to mobile banking users

The Alien malware has quickly become a popular choice for cybercriminals to commit bank fraud. Here's why.

For over a decade, computer users have been plagued by malicious programs designed to steal their online banking credentials and initiate fraudulent transactions from their accounts. As mobile banking adoption grew over the years, these programs followed the trend and jumped from computers to smartphones. One of the most widely used Android banking Trojans was abandoned by its creators last month, but the gap left in the cybercrime ecosystem is rapidly being filled by an even more potent one dubbed Alien.

"Not only is there an increase in the number of new Android banking Trojans, many of them also bring innovative features," researchers from cybercrime intelligence firm ThreatFabric said in a recent report. "More and more Trojans embed features that enable the criminals to take remote control of the infected device (RAT) — like the Alien Trojan itself — in order to perform the fraud from the victim’s device. We also notice an interest from actors in recording and stealing more information surrounding the victim. How that information will be used or monetized can vary; it is just a matter of time before actors find out about the value of such information."

The death of Cerberus

Since 2014, several Android banking Trojans dominated the mobile threat landscape for various lengths of time. It started with the GM Bot and continued with Marcher, Exobot, Red Alert, Anubis and finally Cerberus, which appeared in 2019 and quickly rose to prominence. Most of these Trojans followed a malware-as-a-service model, where their creators marketed and rented out access to their Trojans and infrastructure to other cybercriminals.

Cerberus was successful and had a long list of features including the ability to display rogue screens over other apps (dynamic overlays), keylogging, SMS harvesting and sending, call forwarding, contact list stealing, device and app information collection, app installation and removal, and screen locking. The Trojan was designed to target seven French banking apps, seven US banking apps, one Japanese banking app and 15 non-banking apps.
