A new malware by the name Alien is prowling the web in the form of shady ads and proxy website applications. It affects Android-based software and has already affected 226 apps to date.
According to analysts at ThreatFabric, a security research firm, Alien is a Malware-as-a-Service (MaaS) that has been active on underground hacking forums since the beginning of 2020. It has been active in almost all corners of the world – USA, Australia, and Europe. Furthermore, it has targeted e-banking services in the past, along with several other emails, instant messaging, and cryptocurrency applications.
Alien is reportedly anchored on the structure of another malware called Cerberus, which died out last year because Google’s security team detected it. Cerberus’ creator tried to sell its source code but ultimately ended up uploading it for free. It was then adopted by the creators of Alien, who ensured that no security systems would detect it.
Alien’s Modus Operandi
The malware is able to hack 2FA, and can also phish a lot of Android applications. Moreover, Alien can display fake login screens for several day-to-day apps in order to collect passwords. It can also use proxy applications and shady advertisements to access a target PC and steal sensitive data or perform other malicious activities.
Once a computer is infected with Alien, the malware can log keystrokes, take screengrabs, steal sensitive information, and even lock the system, serving as ransomware.
Apps which are already infected with a malware like Alien are easy to spot once they are installed in a system. Characteristically, they require users to grant them admin permissions.
A simple yet effective method to prevent an Alien invasion is to avoid installation of apps from shady websites. It is also advisable to deny admin access to such apps.
