Alien, the new malware that steals from your bank account

A new malware threatens Android devices: Alien is able to steal the credentials of as many as 226 apps

Alien is back to make Android tremble. It's not Ridley Scott's Alien, but a frightening malware capable of stealing the credentials used in 226 apps. Already active since the beginning of the year, this dangerous code has been released as Malware-as-a-Service (MaaS), which means that it is available to those who want to use it for illicit purposes thanks to a monthly subscription.

Although the study of the source code of what was born as Banking TrojanĀ is still under study, ThreatFabric's cyber security experts would already be at work to identify possible evolutions of the malware. In the report released this week, many of its features emerge, such as the ability to completely control the interface of the unfortunate user's device, with privileges ranging from changing settings to installing, using and removing apps. Last but not least, the opportunity to monitor the smartphone in real time, allowing you to know and study the user's behavior without ever revealing your presence on the other side of the screen.

Alien: what it is and where it comes from

The new malware is not that new. In fact, according to the opinions of the IT experts who had the opportunity to analyze it, Alien is a product derived from the source code of Cerberus, another banking trojan for Android.

This name will not sound completely foreign to some. In fact, MaaS has come under the spotlight not only for its dangerousness but also for another curious fact. After having tried and failed the auction of the source code, its creator has chosen - officially for lack of time, but probably for fear of getting involved in much more risky legal affairs - to release it for free to the hacker community that populates the Dark Web.

The story of Cerberus, today, seems to have come to a conclusion. Google itself, thanks to its security team, has found a way to detect its presence and eliminate it from infected devices. However, this trick does not seem to be applicable to Alien, despite the fact that the two malwares share some of the same code, so much so that it is considered a respectable threat capable of filling the place left vacant by its predecessor in the ranking of cyber risks.

Alien: how the malware works

Once inside the device, Alien has practically carte blanche. Showing fake login screens, the malware is able to steal passwords from apps or, as already mentioned, access app contents as a normal user would do.

Even your address book and text messages are at risk: Alien is able to steal your contact list, read and send messages without raising any suspicion. Equally dangerous are the features that allow you to steal 2FA codes generated by authentication apps or record your geolocation, reporting every move you make.

Alien: Where the malware has spread the most

Hackers who use it are mainly interested in banking apps in certain countries, such as Italy, Spain, Germany, United States, France, United Kingdom, Poland, Turkey and Australia.

Banking apps are not the only ones at risk: Alien's targets include social networking apps (Facebook, Twitter, to name a few), instant messaging apps (Telegram and WhatsApp) and email apps (such as Gmail).