Android malware is constantly changing. No sooner has Cerberus, the infamous banking Trojan, retreated than another takes center stage. Called “Alien”, this new nightmare for Android users has been detected and analyzed by security researchers at ThreatFabric. It is in fact an offshoot of Cerberus, from which it takes much of its source code. It is therefore not impossible that its author was part of that former group of hackers, which broke up during the summer.
However, Alien is not a simple remake of Cerberus, but rather a remastered and augmented version. The malicious code has two new features that its ancestor did not have, namely the installation of a backdoor and the interception of notifications. The first is implemented in a fairly basic way, through a TeamViewer executable, and gives the attacker full control of the device. In future versions of Alien, it is likely that the authors will create their own remote access software, to be stealthier.
Interception of notifications, for its part, relies on a special access right of the Android system (Notification Listener Service), which the malware grants itself “manually” by manipulating the graphical interface through accessibility privileges, which are easier to obtain. In total, this Trojan is capable of attacking 226 mobile applications, mainly related to banking or cryptocurrency services.
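The pairing of accessibility privileges and notification listener access described above can be checked on a device. The following Python sketch is an added example, not code from ThreatFabric or from the original article: it parses the values of Android's `enabled_accessibility_services` and `enabled_notification_listeners` secure settings and groups packages by which grants they hold. The package names, the sample strings and the trusted list are constructed assumptions.

```python
# Added example. Sample values below are constructed, not from a real device.
# On a device, the two strings come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure enabled_notification_listeners

def packages(setting_value):
    """Return the package names in a colon-separated list of components."""
    value = (setting_value or "").strip()
    if value in ("", "null"):          # "null" is printed when the key is unset
        return set()
    # Each entry looks like "package/ServiceClass"; keep the package part.
    return {c.strip().split("/", 1)[0] for c in value.split(":") if c.strip()}

def audit(accessibility_value, listeners_value, trusted=frozenset()):
    """Group non-trusted packages by which of the two grants they hold."""
    acc = packages(accessibility_value) - set(trusted)
    lst = packages(listeners_value) - set(trusted)
    return {
        "both": sorted(acc & lst),                # the pairing described above
        "accessibility_only": sorted(acc - lst),  # accessibility can be used to add the other
        "listener_only": sorted(lst - acc),
    }

# Constructed sample input (hypothetical package names).
SAMPLE_ACCESSIBILITY = (
    "com.example.screenreader/com.example.screenreader.ReaderService:"
    "com.example.flashupdate/.core.AccService"
)
SAMPLE_LISTENERS = (
    "com.example.smartwatch/com.example.smartwatch.NotifListener:"
    "com.example.flashupdate/.core.NotifService"
)
TRUSTED = {"com.example.screenreader"}  # assumption: apps the owner installed knowingly

if __name__ == "__main__":
    report = audit(SAMPLE_ACCESSIBILITY, SAMPLE_LISTENERS, TRUSTED)
    for group, names in report.items():
        print(f"{group}: {', '.join(names) or '-'}")
```

A package in the `both` group that the owner does not recognize is the one to review first in the device's accessibility and notification access settings.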
Alien is mainly distributed in Europe, starting with Spain, Turkey and Germany. France is in sixth position. According to ZDNet, the main infection vector is a booby-trapped site. Some copies can also be found on the Play Store. All the more reason to always be vigilant about the software that you install on your Android smartphone.