A new report from GBHackers reveals that a simple “To Do” app (it’s called Todo: Day manager) with over 1,000 installs is actually a malware-laden banking trojan known as Xenomorph. The trojan was discovered by the Zscaler ThreatLabz team. Similar to the mythical Trojan Horse, these apps have a surprise inside. Instead of soldiers though, these apps contain malware that can collect personal data and steal your hard-earned money.
Take the Xenomorph trojan. Once inside your phone, it can steal the login information you use for the banking apps you have installed on your handset. From there, it is probably a small hop, skip and jump to having your bank account wiped out. It can also intercept SMS messages and notifications, allowing the attacker to access one-time passwords (OTP) and two-factor authentication requests, which could result in some hanky-panky taking place with some of your accounts.
Don’t let the login information for your banking app get stolen by attackers
If you have the Todo: Day manager app on your phone, make sure to delete it immediately. Even if the app has been removed from the Play Store, a copy already installed on your device stays there until you uninstall it, so do that as soon as possible. With only 1,000 installs, the odds are that you never installed this app. But there are still some lessons to be learned here.
A legitimate Play Store app will never ask you to download an app from a third-party app store (a process known as sideloading).
Some malware victims unwittingly put the ball in motion by responding to a phish. This is an email or another form of communication that looks like it is from a specific company right down to featuring the correct icons and graphics. But in reality, the email was sent by a bad actor looking to gather personal data and set off a malicious app that was previously installed on your device.
One thing that you can do to avoid future problems is to read the comments section of an app you plan to install from a developer you’ve never heard of before. Look for red flags that might provide you with a warning not to download this specific title. These warnings typically come from users who have been victimized by an app loaded with malware.