The Coinbase wallet is among 226 Android applications targeted by a recently discovered Trojan dubbed ‘Alien.’ This malware mostly targets the financial services space and is a by-product of the dreaded Cerberus Trojan. According to ThreatFabric, which discovered the malware, this specific strain had caused a lot of trouble in Google play to an extent where the team in charge had become complacent.
Alien is quite an advanced malware given that the malicious players behind it can steal user credentials, intercept notifications, and alter the state applications on the compromised device. ThreatFabric noted:
“Most importantly, it offers a notifications sniffer, allowing it to get the content of all notifications on the infected device, and a RAT (Remote Access Trojan) feature (by abusing the TeamViewer application), meaning that the threat actors can perform the fraud from the victim’s device.”
The blog highlights that the next probable moves by those running ‘Alien’ would be to improve the Random Access Trojan or build an ATS function for automation of the fraudulent process. Nonetheless, it points out that the number of new banking Trojans will undoubtedly increase and come with more advanced features.
“The last quarter of 2020 will probably come with some additional changes to the threat landscape, especially since the source code of the Cerberus Trojan has been made publicly available. In the coming months, we can definitively expect some new malware families, based on Cerberus, to emerge.”
With crypto space growing aggressively, Trojan attacks have become more common as fraudsters move to capitalize on the shaky security ecosystems. IT security firm Eset had also recently discovered a Trojan malware targeting crypto traders who use Apple’s MACOS. Other instances include a cryptojacking ‘shellbot,’ which targeted Linux users back in 2019.