A new report from GBHackers reveals that a simple “To Do” app called Todo: Day manager, with over 1,000 installs, is actually a malware-laden banking trojan known as Xenomorph. The trojan was discovered by the Zscaler ThreatLabz team. Like the mythical Trojan horse, trojan apps have a surprise inside. Instead of soldiers, these apps contain malware that can collect personal data and steal your hard-earned money.
Take the Xenomorph trojan. Once inside your phone, it can steal the login credentials you use for the banking apps installed on your handset. From there it’s probably just a hop, skip, and a jump to having your bank account cleared out. It can also intercept SMS messages and notifications, allowing the attacker to access one-time passwords (OTPs) and two-factor authentication requests, which could cause problems with some of your accounts.
Don’t let your banking app login details get stolen by attackers
If you have the Todo: Day manager app on your phone, be sure to remove it immediately. Although it has been removed from the Play Store, the app stays on any device where it was already installed, so you should uninstall it as soon as possible. With only 1,000 installs, chances are you never installed this app. But there are still some lessons to be learned here.
A legitimate Play Store app will never ask you to download an app from a third-party app store (a process known as sideloading).
Some malware victims unwittingly set the ball rolling by responding to a phishing scam. This is an email or other form of communication that appears to come from a specific company, right down to the correct icons and graphics. But in reality, the email was sent by a malicious actor seeking to collect personal data and trigger a malicious application previously installed on your device.
One thing you can do to avoid future problems is to read the comments section of an app you’re considering installing from a developer you’ve never heard of before. Look for red flags that might warn you against downloading that specific title. These warnings usually come from users who have fallen victim to a malware-laden app.