KEY POINTS

  • A new kind of password-stealing malware has been discovered
  • The "Alien" malware has the ability to steal user data from 226 widely-used Android apps
  • These include Facebook, Instagram, Twitter, Gmail, WhatsApp and e-banking apps

A new advanced malware capable of stealing passwords and contacts and give malicious users remote control over infected smartphones has been discovered. And the number of apps affected by the new strain of malware should cause a lot of concern.

Security researchers from ThreatFabric have revealed that a new malware called “Alien” has been doing nefarious work since the start of the year, giving people behind it access to a variety of private information belonging to those whose smartphones it has infected.

According to ThreatFabric, Alien is capable of stealing sensitive credentials from 226 apps. While most of these apps are used for banking purposes, some of them are very popular and are widely-used on a daily basis, such as Facebook, Instagram, Twitter and Gmail.

Alien is built on the source code belonging to a rival malware gang called “Cerberus.” The older trojan was offered as a Malware-as-a-Service (MaaS) last year but died out after Google found a way to detect it and clean the devices it has infected. Alien came after Cerberus, and although it is built on the older malware's code, it appears to be more advanced.

Alien has a slew of capabilities that make it a threat for everyone whose transactions are mostly done on their smartphones. These include:

  • Overlaying content on top of other apps (primarily used acquire login info)
  • Keylogging (logging keyboard input)
  • SMS harvesting: listing and forwarding SMS messages
  • Device info collection
  • Contact list collection
  • Collecting location data
  • Listing installed apps
  • Remote access
  • Installing apps on device
  • Starting apps
  • Removing apps from device
  • Remote screen locking

This list is not exhaustive. Alien is also capable of doing other things to an infected device, such as tweaking push notifications, forwarding calls and so on. The malware also has the ability to hide app icons (primarily to hide trojan app icons) and prevent its removal from the system.

Facebook said a group of Chinese users were using falsified accounts seeking to influence the US election, but did not link the actions to the Beijing government
The Facebook logo is pictured. AFP / Lionel BONAVENTURE

Gaetan van Diemen, a malware analyst at ThreatFabric, told ZDNet that “a lot of [Alien] seems distributed via phishing sites, for example malicious page tricking the victims into downloading fake software updates or fake Corona apps (still a common trick at the moment).”

That said, consumers are advised to avoid installing apps from dubious websites, much less grant them admin rights.

Here's a list of apps Alien has targeted (the full list, including app package names, can be seen via ThreatFabric):

  • Coinbase – Buy & Sell Bitcoin. Crypto Wallet
  • Blockchain Wallet. Bitcoin, Bitcoin Cash, Ethereum
  • BBVA Spain
  • Bankinter Móvil
  • Santander
  • UnicajaMovil
  • Bankia
  • EVO Banco móvil
  • Kutxabank
  • ruralvía
  • Akbank
  • Garanti BBVA Mobile
  • QNB Finansbank Mobile Banking
  • Connect for Hotmail & Outlook: Mail and Calendar
  • CEPTETEB
  • Yapı Kredi Mobile
  • Enpara.com Cep Şubesi
  • Halkbank Mobil
  • Kuveyt Türk
  • Ziraat Mobile
  • İşCep - Mobile Banking
  • VakıfBank Mobil Bankacılık
  • Ibercaja
  • ABN AMRO Mobiel Bankieren
  • IKO
  • mBank PL
  • Interbank APP
  • 楽天銀行 - 個人のお客様向けアプリ
  • Banca MPS
  • Gmail
  • mail.com mail
  • BNL
  • ING Italia
  • Yahoo Mail – Organized Email
  • norisbank App
  • La Mia Banca
  • HVB Mobile Banking
  • Commerzbank Banking - The app at your side
  • VR Banking Classic
  • Postbank Finanzassistent
  • TARGOBANK Mobile Banking
  • comdirect mobile App
  • DKB-Banking
  • Sparkasse Ihre mobile Filiale
  • Consorsbank
  • CA24 Mobile
  • Boursorama Banque
  • Banque
  • Crédit Mutuel
  • Mes Comptes - LCL
  • Banque Populaire
  • Ma Banque
  • L'Appli Société Générale
  • NAB Mobile Banking
  • CIBC Mobile Banking®
  • Halifax: the banking app that gives you extra
  • St.George Mobile Banking
  • Chase Mobile
  • Fifth Third Mobile Banking
  • iMobile by ICICI Bank
  • Mobile Banking UniCredit
  • Microsoft Outlook: Organize Your Email & Calendar
  • Bank of America Mobile Banking
  • Capital One® Mobile
  • SunTrust Mobile App
  • USAA Mobile
  • U.S. Bank - Inspired by customers
  • Wells Fargo Mobile
  • BMO Mobile Banking
  • UBI Banca
  • RBC Mobile
  • Intesa Sanpaolo Mobile
  • ING Mobil
  • Odeabank
  • Postepay
  • ŞEKER MOBİL ŞUBE
  • CommBank
  • Google Play
  • Banca Digital Liberbank
  • ING España. Banca Móvil
  • Cajasur
  • Banca Móvil Laboral Kutxa
  • Mi Banco db
  • Banco Sabadell App. Your mobile bank
  • BBVA Net Cash | ES & PT
  • Santander Empresas
  • PayPal Mobile Cash: Send and Request Money Fast
  • Santander mobile
  • Banco Caixa Geral España
  • Usługi Bankowe
  • Pekao24Makler
  • PekaoBiznes24
  • Facebook
  • imaginBank - Your mobile bank
  • WhatsApp Messenger
  • Snapchat
  • Twitter
  • Telegram
  • Instagram
  • Viber Messenger - Messages, Group Chats & Calls
  • CaixaBank
  • PeoPay
  • eBay: Buy, sell, and save money on home essentials
  • Getin Mobile
  • Citi Handlowy
  • ABANCA- Banca Móvil
  • NETELLER - fast, secure and global money transfers
  • Simplii Financial
  • TD Canada
  • ČSOB Smartbanking
  • Bitcoin Wallet - Airbitz
  • ePayments: wallet & bank card
  • N26 — The Mobile Bank
  • ING Australia Banking
  • Payoneer – Global Payments Platform for Businesses
  • CIMB Clicks Malaysia
  • plusbank24
  • Skrill - Fast, secure online payments
  • Mycelium Bitcoin Wallet
  • OTP SmartBank
  • K PLUS
  • KMA
  • SCB EASY
  • Netflix
  • Bendigo Bank
  • BankSA Mobile Banking
  • Bank of Melbourne Mobile Banking
  • Volksbank hausbanking
  • Mes Comptes BNP Paribas
  • Crédit du Nord pour Mobile
  • BusinessPro Lite
  • BPI APP
  • NB smart app
  • Santander Particulares
  • BOQ Mobile
  • La Poste - Services Postaux
  • CIC
  • Fortuneo, mes comptes banque & bourse en ligne
  • ASB Mobile Banking
  • iBiznes24 mobile
  • ScotiaMóvil
  • Carige Mobile
  • Mobilni Banka
  • 住信 SBI ネット銀行
  • CUA Mobile Banking
  • Bank Austria MobileBanking
  • Barclays
  • BOCHK
  • HSBC Mobile Banking
  • ANZ Australia
  • Bankia Wallet
  • Bank Australia app
  • Beyond Bank Australia
  • Sabadell Wallet
  • Santander Wallet
  • La Banque Postale
  • ANZ Shield
  • Fibabanka Corporate Mobile
  • myAlpha Mobile
  • Popular
  • Krungthai NEXT
  • BBVA Wallet Spain. Mobile Payment
  • BBVA México (Bancomer Móvil)
  • Santander Argentina
  • Mercado Libre: compra fácil y rápido
  • Santander Money Plan
  • Dhanlaxmi Bank Mobile Banking
  • Kotak - 811 & Mobile Banking
  • HDFC Bank MobileBanking
  • SambaMobile
  • Scotiabank Colpatria
  • Bancolombia App Personas
  • Westpac Mobile Banking
  • P&N BANKING APP
  • ING Bankieren
  • Türkiye Finans Mobile Branch
  • Enpara.com Şirketim Cep Şubesi
  • Google Play Games
  • TBC Bank
  • Citi Mobile®
  • TD Bank (US)
  • Union Bank Mobile Banking
  • ING Business
  • SpardaSecureApp
  • Bankwest
  • HSBCnet Mobile
  • permanent tsb
  • Bank of Melbourne Business App
  • BankSA Business App
  • St.George Business App
  • Westpac Corporate Mobile
  • National Bank of Canada
  • Servus Mobile Banking
  • Luno: Buy Bitcoin, Ethereum and Cryptocurrency
  • Alawwal Mobile
  • Emirates NBD
  • Bitcoin Wallet by SpectroCoin
  • Skype - free IM & video calls
  • Barclays US
  • NatWest Mobile Banking
  • Royal Bank of Scotland Mobile Banking
  • TSB Bank Mobile Banking
  • ActivoBank