Android/Trojan.Dropper.Xeno
Short bio
Android/Trojan.Dropper.Xeno is Malwarebytes’ detection name for a modular Android banker Trojan.
Symptoms
Android/Trojan.Dropper.Xeno needs Accessiblity Services privileges, which it insistently requests after being started.
Type and source of infection
Android/Trojan.Dropper.Xeno opens an overlay for legitimate banking apps, mail clients, and cryptocurrency wallets. It uses these overlays to send entered data like usernames and passwords to the threat actor. Android/Trojan.Dropper.Xeno was available in the Google Play Store.
Protection
Malwarebytes for Android protects against Android/Trojan.Dropper
Remediation
These apps can be uninstalled using the mobile devices uninstall functionality, the tricky part is identifying the offending behavior and app. That is where Malwarebytes for Android can help by identifying these apps and remove.
Traces/IOCs
App name:
- Fast Cleaner
Domains:
- simpleyo5.tk Main C2
- simpleyo5.cf Backup C2
- art12sec.ga Backup C2
- kart12sec.gq Backup C2
- homeandofficedeal.com Overlay C2
Package names Fast Cleaner:
- com.census.turkey
- com.laundry.vessel
- com.tip.equip
- com.spike.old