A new malware strain, Alien, threatens all Android devices and is capable of stealing credentials from over 226 applications.
Active since the beginning of the year, this dangerous code was released as Malware-as-a-Service (MaaS): anyone wishing to use it for illegal purposes can rent it for a monthly subscription.
Although the generic source code of Alien, which was born as a banking trojan, is still under study, ThreatFabric’s expert cybersecurity researchers are already working to identify the possible evolutions of the malware.
Currently, the new version of Alien has unquestionably dangerous capabilities such as full control of the smartphone interface and the possibility of monitoring the smartphone in real-time.
The malware could therefore have total freedom once it is on the victim's smartphone. It can show the device's entire screen to the criminal and can reveal any type of credential when the user acts on a specific application. In other words, passwords of all kinds become visible to the criminal as the user enters them.
And it doesn’t stop there; the Alien malware could also have access to the address book and text messages. From this point of view, Alien can not only easily find the list of contacts but also read and send messages.
During their analysis, researchers said they found that Alien had support for showing fake login pages for 226 other Android apps. Most of these fake login pages were aimed at intercepting credentials for e-banking apps. However, Alien targeted other apps as well, such as email, social, instant messaging, and cryptocurrency apps (e.g., Gmail, Facebook, Telegram, Twitter, Snapchat, and WhatsApp).
Unfortunately, it is not easy to defend against such malware. Alien seems to be derived from Cerberus, another very powerful banking trojan that has claimed many “victims.” Thanks to the Google security team, Cerberus now seems to have been completely eradicated: the team reportedly found a method to detect its presence and remove it from devices.
The only solution we suggest is not to install applications from unsafe or unofficial sites. Above all, do not grant access to the address book or to other parts of the smartphone where such access would be too intrusive.