Researchers at ThreatFabric have discovered an Android malware strain that affects over 226 Android apps. Dubbed “Alien”, the malware is reportedly a fork of the infamous Cerberus malware.

  • Keylogging
  • Remote access
  • SMS harvesting
      • SMS listing, forwarding, sending
  • Device info collection
  • Contact list collection
  • Application listing
  • Location collection
  • Overlaying:
      • Dynamic (Local injects obtained from C2)
      • Targets list update
  • Calls
      • USSD request making
      • Call forwarding
  • Remote actions
      • App installing, starting, removal
      • Showing arbitrary web pages
      • Screen-locking
  • Notifications
      • Push notifications
  • C2 Resilience
      • Auxiliary C2 list
  • Self-protection:
      • Hiding the App icon
      • Preventing removal
      • Emulation-detection
  • Modular Architecture

Alien malware is primarily in use in countries such as Spain, Turkey, Germany, the United States of America, Italy, France, Poland, Australia, the United Kingdom, and India.

As always, the easiest way you can stay safe from such malware attacks is to not install apps from unknown sources. As an extra measure, it is recommended to keep the option to install apps from external sources disabled in your phone’s settings.