A recently discovered Trojan horse known as Alien attacks cryptocurrency apps on Android phones, including Coinbase, Blockchain.com and Luno. This new strain of pest is based on the infamous Cerberus Trojan that wreaked havoc on the Google Play Store until the responsible team calmed down. The lack of continuous distribution allowed Google Play Protect to destroy Cerberus almost completely by August 2020.
Alien 226 targets Android apps, mainly targeting the banking sector. In addition to stealing user credentials, malware can install and remove applications from an infected device and even intercept alerts:
Most importantly, it provides an alert tool to retrieve the contents of all alerts on an infected device, and the Remote Trojan Horse Access (RAT) feature (TeamViewer App Abuse), which means attackers can perform fake activities. From the victim’s unit. ”
The choice of Coinbase and Blockchain.com is understandable, as they are the two most popular cryptocurrencies. It is unclear why hackers are targeting the smaller Luno exchange (recently acquired by Digital Currency Group) without mentioning (to our knowledge) other industry giants such as Binance.