Nasty malware can steal login credentials for 400 banks

Malware can be used for many nefarious things. The scariest way it’s used is to steal banking information. Now, hackers are going straight for the financial reward, sidestepping the usual methods for data extraction.

Read on to see how Xenomorph malware goes after your banking details and what you can do about it.

Malware variant used to steal banking credentials

Xenomorph malware has been around for a few years, with hackers spending most of 2022 fine-tuning the code. Mainly used on small-scale targets, the malware failed to break into the virus market like others.

Cybersecurity researchers now believe that the initial version was only a test run, and the creators are ramping up its capabilities to be more devastating than before. ThreatFabric calls the latest version Xenomorph C and explains that the Android-based malware is a powerful banking Trojan.

“With these new features, Xenomorph can completely automate the entire fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android malware Trojans in circulation,” it explains in a blog post.

In addition, this malware is concerning because it targets over 400 financial institutions and cryptocurrency wallets. Xenomorph C could become one of the most dangerous malware variants around.

Steps to keep malware from infecting your devices

One way to protect yourself from malware is to only download applications from the official app stores, such as the Google Play Store or Apple’s App Store. Third-party libraries don’t have strong security steps as official app stores do.

Here are more ways to stay protected from malware:

  • Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails. They could be malicious, infect your device with malware and/or steal sensitive information. Now, just previewing a Word doc can be dangerous.
  • Beware of phishing emails — Scammers send malicious emails to trick you into clicking links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors.
  • Use strong, unique passwords — Tap or click here for an easy way to follow this step with password managers.
  • Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Keep reading

Continue reading

Security tip: 5 reasons you need to replace your router now

Your router is responsible for sending Wi-Fi signals to your phone, laptop, smart TV, security cameras and more. This makes you especially vulnerable if your router is hacked. Yes, that can happen.

Chinese threat actors are going after routers, telephone networks and online storage and using their combined power to target critical and military targets, steal login credentials and hijack banking information. Tap or click here to secure your home network.

Continue reading

Windows malware can steal social media credentials, banking logins and more

Many pieces of personal information are valuable to hackers and scammers. Your Social Security number can spell lots of trouble in the wrong hands. Your credit card and banking information is highly sought after, too, as criminals can drain your account in seconds.

Continue reading

If you're prompted to update Flash Player, ignore it!

Millions have used the popular Flash software from Adobe over decades. But the technology was eventually killed off in 2020. One reason it went away is it posed many security risks. Microsoft even released a patch that forcefully removes it.

Continue reading

Microsoft is emailing out gift cards (No, it's not a scam)

Phishing scams usually try to entice victims to click on malicious links. Those links can lead to fake websites where scammers hope you will enter personal details or banking information for them to steal. Tap or click here to see a recent fake invoice from Microsoft scam.

Continue reading

Got a warning you need to update your phone? It might be malware

There are plenty of ways hackers try to steal your banking information and personal data. Spam or phishing emails are incredibly effective, and so are personalized malicious text messages.

Hackers have also been found to create fake apps that look strikingly like the real thing. Once you install it, your mobile phone will be infected with malware. But taking that one step further, a group of hackers is now trying to convince you that your phone is already infected.

Continue reading

Clever sweepstakes scam targets your banking info

Sweepstake scams have been around almost for as long as the competitions have. If there is any situation where money can be made or stolen, you can bet your bottom dollar that scammers won’t be far behind.

AARP’s Fraud Watch Network was recently alerted to a sweepstakes scam making the rounds. The scammers have been targeting the elderly by telling them that they have won a prize. In another scam, they claim to be from the FBI. That is obviously not true, and they only want to steal your banking information.

Continue reading

Dangerous apps can ruin your phone - How to protect yourself

If Android is your platform of choice, now is the time to make sure your device is protected and you are not at risk of having your data and finances compromised.

We always recommend only downloading apps from the Google Play Store, as third-party app stores are not as secure. But, sometimes, malicious apps will even make their way into official app stores. Tap or click here for a recent list of 30 apps infecting Android devices.

Continue reading

2 new scams Komando readers emailed to tell me about

Everyone hates scammers, but we have to give them credit for the effort. You can only fool people for so long with the same old tech support and phishing scams, which is why creative new scams deserve extra attention and scrutiny.

Continue reading