Quote:A newly uncovered banking trojan called Alien is invading Android devices worldwide, using an advanced ability to bypass two-factor authentication (2FA) security measures to steal victim credentials.
Once it has infected a device, the RAT aims to steal passwords from at least 226 mobile applications – including banking apps like Bank of America Mobile Banking and Capital One Mobile, as well as a slew of collaboration and social apps like Snapchat, Telegram and Microsoft Outlook.
The malware, which was first advertised for rent on underground forums in January, has been used to actively target institutions worldwide, including Australia, France, Germany, Italy, Poland, Spain, Turkey, the U.K. and the United States. Researchers believe Alien is a “fork” of the infamous Cerberus banking malware, which has undergone a steady demise in use over the past year.
“Based on our in-depth knowledge of the trojan, we can prove that the Alien malware is a fork of the initial variant of Cerberus (v1), active since early January 2020 and rented out at the same time as Cerberus,” said researchers with ThreatFabric, in a Thursday analysis. “Cerberus being discontinued, its customers seem to be switching to Alien, which has become the prominent new MaaS [malware as a service] for fraudsters.”
The Alien RAT has various commonly used Android malware capabilities, including the ability to launch overlay attacks, control and steal SMS messages and harvest contact lists – as well as keylogging, location-collecting and other capabilities.
However, it also touts several more advanced techniques, including a notification sniffer that allows it to access all new updates on infected devices. This includes 2FA codes – allowing the malware to bypass 2FA security measures.
Read more: https://threatpost.com/alien-android-2fa/159517/
![[-]](https://www.geeks.fyi/images/collapse.png)
