A new trojan, named Alien, has attacked attacking crypto apps on Android phones, including Coinbase, Blockchain.com, and Luno, as this new malware strain is based on the Cerberus trojan, which wreaked havoc in the Google Play store until the team responsible became complacent.
It has been reported that Alien targets 226 Android apps, mostly geared toward the banking industry. In addition to stealing user credentials, the malware can install and remove applications from the infected device, and even intercept notifications.
“Most importantly, it offers a notifications sniffer, allowing it to get the content of all notifications on the infected device, and a RAT (Remote Access Trojan) feature (by abusing the TeamViewer application), meaning that the threat actors can perform the fraud from the victim’s device.”
However, lack of continued distribution allowed Google Play Protect to almost completely eradicate Cerberus by August 2020.
A new malware called Alien has been targeting crypto apps. Has your phone been abducted? @mmviii_2008 reports https://t.co/M85KycpvHA — Cointelegraph (@Cointelegraph) September 24, 2020
According to the report, the choice of Coinbase and Blockchain.com is understandable as these are two of the most popular crypto apps.
Thus, it’s not clear why the hackers targeted the much smaller Luno exchange, which was recently acquired by the Digital Currency Group.