February 27, (THEWILL) – Fast Cleaner, an app found on Google Play store has been identified as a newly-hatched malicious software that steals users’ banking app login credentials on Android devices.
Based on the description of the app on Playstore, it helps devices to clean up junks and boost performance.
But it is a channel by which a malware, Xenomorph, is propagated, according to the Nigerian Communications Commission (NCC).
Xenomorph is a malware that was designed to steal credentials, combined with the use of SMS and Notification interception to log-in and use potential 2-factor authentication tokens.
According to the NCC, there is more than one junk cleaning app named ‘Fast Cleaner’ on Google Playstore.
The malicious Fast Cleaner has been deleted from the store, according to The NCC’s Computer Security Incident Response Team (CSIRT), but it gained over 50,000 downloads before its exit.
CSIRT said on Saturday that Fast Cleaner is a means by which the Xenomorph Trojan could be propagated easily and efficiently.
The team explained that the app found its way to the Google Playstore before Xenomorph was placed on the remote server.
According to CSIRT, the strategy used to deploy the malware makes it difficult for Google to determine that the app is being used for malicious purposes.
When installed, NCC explained that Fast Cleaner for Accessibility Services privileges, which gives it further permissions to access user data.
When users try to uninstall the app, CSIRT said the app is unlikely to uninstall from the targeted device.
Another way it harms victims is by stealing their banking credentials by overlaying fake login pages on top of legitimate ones.
They are launched to conduct financial transactions without the victim’s knowledge, and their operators will in turn sell the victim’s data to other interested parties.
“Xenomorph has been found to target 56 internet banking apps, 28 from Spain, 12 from Italy, 9 from Belgium, and 7 from Portugal, as well as Cryptocurrency wallets and general-purpose applications like emailing services. The Fast Cleaner app has now been removed from the Play Store, but not before it garnered 50,000+ downloads”, the CSIRT said.
About the Author
