Android/Trojan.Dropper.Xeno

Short bio

Android/Trojan.Dropper.Xeno is Malwarebytes' detection name for a modular Android banker Trojan.

Symptoms

Android/Trojan.Dropper.Xeno needs Accessiblity Services privileges, which it insistently requests after being started.

Type and source of infection

Android/Trojan.Dropper.Xeno opens an overlay for legitimate banking apps, mail clients, and cryptocurrency wallets. It uses these overlays to send entered data like usernames and passwords to the threat actor. Android/Trojan.Dropper.Xeno was available in the Google Play Store.

Protection

Malwarebytes for Android protects against Android/Trojan.Dropper

Remediation

These apps can be uninstalled using the mobile devices uninstall functionality, the tricky part is identifying the offending behavior and app. That is where Malwarebytes for Android can help by identifying these apps and remove.

Traces/IOCs

App name:

Fast Cleaner

Domains:

simpleyo5.tk Main C2
simpleyo5.cf Backup C2
art12sec.ga Backup C2
kart12sec.gq Backup C2
homeandofficedeal.com Overlay C2

Package names Fast Cleaner:

com.census.turkey
com.laundry.vessel
com.tip.equip
com.spike.old

Clean your device now

Download now

See personal pricing

Sign in to your account

Visit our support page

Android/Trojan.Dropper.Xeno

Short bio

Symptoms

Type and source of infection

Protection

Remediation

Traces/IOCs

Clean your device now

Download now

See personal pricing

Sign in to your account

Visit our support page

Android/Trojan.Dropper.Xeno

Short bio

Symptoms

Type and source of infection

Protection

Remediation

Traces/IOCs

Related blog content