This 'Xenomorph' Malware Lurks In The Dark To Hunt Bank Accounts And Cryptocurrency Wallets


Once a device is connected to the internet, it becomes part of a worldwide network.

And lurking in the dark, waiting for unsuspecting victims who don't know what they're doing, is the 'Xenomorph' malware, a banking trojan that has been rapidly evolving since it was first detected in 2022.

At first, it wasn't that capable.

But as time passes, the malware has become a sophisticated tool in the hands of hackers.

This is because the malware can spread quickly and steal confidential information, including banking credentials, two-factor authentication (2FA) codes, and SMS messages.

And this time, security researchers have discovered a campaign that distributes the Xenomorph malware to Android users beyond just Spain, Portugal, Italy, and Belgium, now also including the United States.

According to a report by cybersecurity company ThreatFabric, the malware has been enhanced to also target users of cryptocurrency wallets and various U.S. financial institutions.

Xenomorph
Credit: ThreatFabric

When Xenomorph first appeared in the wild, its targets were banks and financial institutions in Europe.

The malware, which is typically distributed through phishing emails or malicious apps disguised as legitimate software, uses screen overlay phishing.

To target those in the U.S., the malware has been rewritten to make it modular and flexible.

Since then, Xenomorph has entered Zimperium's list of the ten most prolific banking trojans and has already reached "major threat" status.

Once installed on a device, the malware can gain root access and become very difficult to remove.

This malware is also capable of hiding its icon once it's installed, and it prevents itself from being flagged as suspicious by most mobile security tools.

Although this enhanced Xenomorph isn't really different from its previous variants, and its method of infection remains the same, its reach has been significantly amplified.

Instead of 'just' 56 banks and financial institutions, Xenomorph can now target over 400 banks.

"Xenomorph, after months of hiatus, is back, and this time with distribution campaigns targeting some regions that have been historically of interest for this family, like Spain or Canada, and adding a large list of targets from the United States," ThreatFabric said.

Xenomorph
Credit: ThreatFabric

It's worth noting, though, that the researchers managed to take advantage of the weak security measures implemented by the malware operator.

ThreatFabric analysts said that they could access the operator's payload hosting infrastructure, and there they found more information about this particular malware.

In particular, they discovered additional malicious payloads, including the Android malware variants Medusa and Cabassous, the Windows information stealers RisePro and LummaC2, and the Private Loader malware loader.

Because there is no easy way to avoid this malware, users can reduce the risk of infection by treating with suspicion any prompt on their mobile device that asks them to update their browser.

People should also refrain from installing Windows software from third parties, because the researchers found that Xenomorph's distribution also piggybacks potent Windows malware.

This suggests collaboration between threat actors or the possibility of the Android trojan being sold as Malware-as-a-Service (MaaS).

It's also worth noting that users of Android devices from Samsung and Xiaomi - which together hold around 50% of Android market share - appear to be targets of specific interest for the threat actor.

Published: 27/09/2023