With most of our online banking transactions, we can sleep soundly at night knowing that someone who manages to steal our credit or debit card information can’t steal our hard-earned money unless they also have access to the one-time passwords (OTPs) that only we are aware of for the respective accounts. OTPs, also known as two-factor authentication (2FA), are often considered a more secure method for online transactions to prevent unauthorized access to your money.
However, over time it has become known that OTPs are not resistant to attack, and Alien, a recently developed Trojan tool, is a great example of how your banking application can be compromised. The Alien remote access threat tool is believed to have emerged from the Cerberus group of banking malware designed for financial theft and phishing-related activities. Disclosed by security researchers at ThreatFabric, Alien is a comprehensive Trojan horse tool that can be remotely deployed by cyber attackers. Features include screen overlay attacks (where the Trojan takes control of your phone’s screen and therefore all its functions), SMS reading and editing, contact list access and harvesting, keystroke logging (an important method of stealing passwords), location tracking and much more.
Along with all these features, ThreatFabric claims that Alien can also read and identify notifications. As a result, it can read and recognize the OTPs you get from your bank for every transaction attempt, completely bypassing the 2FA security you have set up for your account. For this purpose, the malware apparently deploys TeamViewer on infected or affected devices so that the attacker has full control over your phone. Because this could put your bank accounts and credit cards at total risk, it is even more important that you keep an eye on what you access or download on your phone.
According to ThreatFabric, Alien can be distributed through spear phishing (which apparently uses official email addresses to mislead users) or through third-party apps disguised for various purposes, among other things. The applications that the malware tool is programmed to target include very popular applications such as Snapchat, Telegram, and Microsoft Outlook, and banking applications such as Capital One and Bank of America. It is currently unclear if the threat actors behind the Alien malware are targeting India. However, the ThreatFabric report identifies Europe, the US and Australia as the main victims.