A newly discovered trojan, referred to as Alien, is presently attacking crypto applications on Android phones, along with Coinbase, Blockchain.com, & Luno. This new malware strain is based on the notorious Cerberus trojan, that wreaked havoc within the Google Play store until the team responsible became complacent. Lack of continued distribution permitted Google Play Protect to almost completely eradicate Cerberus by the month of August this year.
Alien targets 226 Android applications, mostly geared toward the banking system. Additionally to stealing user credentials, the malware can install and uninstall apps from the infected device, and even intercept notifications:
“Most importantly, it offers a notifications sniffer, permitting it to urge the content of all notifications on the infected device, and a RAT (Remote Access Trojan) feature (by abusing the TeamViewer application), meaning that the threat actors can perform the fraud from the victim’s device.”
The features of Coinbase and Blockchain.com is understandable as these are two of the foremost popular crypto-currency applications. It’s less clear why the hackers targeted the much smaller Luno exchange that was recently acquired by the Digital Currency Group, yet omitted so far as we know other industry giants like Binance exchange.