Android Trojan Called 'Alien' Can Steal OTPs, And Risk Your Bank Account
One-time passwords or OTPs are often considered to be the single most important security check in the digital payment system through any bank.
While many of us assume they cannot be intercepted, the fact of the matter is that some Android malware is capable of extracting these OTPs, putting victims at financial risk.
A new malware by the name of 'Alien' has now been identified by security researchers at ThreatFabric. The Trojan tool can be employed remotely by cyber attackers and is believed to have "more than the average capabilities of Android banking Trojans."
A recent report by ThreatFabric describes the threat. The report states that the new Trojan was developed from the Cerberus family of banking malware that was active last year. The malware was specifically designed for financial theft and related phishing activities.
The evolved malware
As for Alien, the report lists the capabilities the Trojan possesses. The most important of these is the notification sniffer, which allows the attacker to view the content of all notifications on the infected device.
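Reading notification content on Android requires the app to hold notification-listener access, so the sniffer described above leaves a trace a defender can audit. The following is an added example, not code from the ThreatFabric report; it parses the value returned by `adb shell settings get secure enabled_notification_listeners` and flags packages outside an expected allowlist. The sample value, the allowlist and all package names are constructed for illustration.

```python
"""Audit notification-listener grants from an Android settings value.

Added example (not from the ThreatFabric report). Settings.Secure's
enabled_notification_listeners holds colon-separated flattened ComponentName
strings ("package/class"); a class beginning with "." is relative to the package.
"""
from typing import NamedTuple

# Constructed sample of the settings value; the package names are placeholders,
# not real indicators from any report.
SAMPLE_LISTENERS = (
    "com.android.systemui/com.android.systemui.notification.Listener:"
    "com.example.smartwatch/.companion.NotifyRelay:"
    "com.updater.flashplayer/.svc.NLService"
)

# Packages the device owner expects to hold this privilege (assumed allowlist).
ALLOWLIST = frozenset({"com.android.systemui", "com.example.smartwatch"})


class Grant(NamedTuple):
    package: str
    service: str   # fully qualified listener service class
    allowed: bool  # True when the package is on the allowlist


def parse_listeners(raw: str, allowlist=ALLOWLIST) -> list:
    """Split the settings value into Grant records, expanding '.Class' shorthand."""
    grants = []
    for component in filter(None, raw.strip().split(":")):
        if "/" not in component:
            continue  # malformed entry: skip it rather than guess a package
        package, cls = component.split("/", 1)
        if cls.startswith("."):
            cls = package + cls  # relative class name -> fully qualified
        grants.append(Grant(package, cls, package in allowlist))
    return grants


def unexpected_listeners(raw: str, allowlist=ALLOWLIST) -> list:
    """Return packages holding notification access that are not on the allowlist."""
    return [g.package for g in parse_listeners(raw, allowlist) if not g.allowed]


if __name__ == "__main__":
    for grant in parse_listeners(SAMPLE_LISTENERS):
        flag = "ok" if grant.allowed else "REVIEW"
        print(f"{flag:6} {grant.package} -> {grant.service}")
    print("unexpected:", unexpected_listeners(SAMPLE_LISTENERS))
```

On a real device, pipe the `adb shell settings get secure enabled_notification_listeners` output into `unexpected_listeners` and review any flagged package's install source and permissions.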
In addition to this, Alien uses a RAT (Remote Access Trojan) feature by abusing the TeamViewer application. The RAT enables the threat actors to perform the fraud from the victim's device.
Some of the other malicious features of the Trojan enable it to conduct screen overlay attacks, control and steal SMS messages, harvest the contact list, log keystrokes (a way of stealing passwords), track the device's location and more. The report mentions that Alien also possesses the capability to install, start and remove applications on the infected device.
ThreatFabric says that the two malware families, Cerberus and Alien, can be distinguished by their C2 protocols. While the C2 requests in the case of Cerberus are limited to an 'Action name' and 'Encrypted action data', those in Alien carry an added 'Action ID' and 'Tag' in addition to these two.
Since the two Trojans are based on the same code, they share most functionality. TeamViewer-based remote control of the infected device and the notification sniffer are the two major features added by the authors of Alien.
ThreatFabric points out that Alien is a Trojan actively targeting institutions worldwide. In a chart, it shows that actors using Alien have a particular interest in the usual set of "most targeted countries", such as Spain, Turkey, Germany, the United States of America, Italy, France, Poland, Australia and the United Kingdom. The threat, however, is not limited to these countries.