Skip to Content
banking malware
© Vladimir Yudin |
Security & privacy

Nasty malware can steal login credentials for 400 banks

Malware can be used for many nefarious things. The scariest way it’s used is to steal banking information. Now, hackers are going straight for the financial reward, sidestepping the usual methods for data extraction.

Read on to see how Xenomorph malware goes after your banking details and what you can do about it.

Malware variant used to steal banking credentials

Xenomorph malware has been around for a few years, with hackers spending most of 2022 fine-tuning the code. Mainly used on small-scale targets, the malware failed to break into the virus market like others.

Cybersecurity researchers now believe that the initial version was only a test run, and the creators are ramping up its capabilities to be more devastating than before. ThreatFabric calls the latest version Xenomorph C and explains that the Android-based malware is a powerful banking Trojan.

“With these new features, Xenomorph can completely automate the entire fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android malware Trojans in circulation,” it explains in a blog post.

In addition, this malware is concerning because it targets over 400 financial institutions and cryptocurrency wallets. Xenomorph C could become one of the most dangerous malware variants around.

Steps to keep malware from infecting your devices

One way to protect yourself from malware is to only download applications from the official app stores, such as the Google Play Store or Apple’s App Store. Third-party libraries don’t have strong security steps as official app stores do.

Here are more ways to stay protected from malware:

  • Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails. They could be malicious, infect your device with malware and/or steal sensitive information. Now, just previewing a Word doc can be dangerous.
  • Beware of phishing emails — Scammers send malicious emails to trick you into clicking links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors.
  • Use strong, unique passwords — Tap or click here for an easy way to follow this step with password managers.
  • Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!

Keep reading

Keep an eye out – Malware-infected Word docs spreading

Use this easy, free check to see if a site or file contains malware

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started