The infamous Xenomorph Android malware, known for targeting 56 European banks in 2022, is back and in full force targeting US banks, financial institutions, and cryptocurrency wallets.
The cyber security and fraud detection company ThreatFabric has called this one of the most advanced and dangerous Android malware variants they’ve seen.
This malware is being spread mostly by posing as a Chrome browser or Google Play Store update. When a user clicks on the “update,” it installs the malware designed to automate the process of accessing your online accounts and extracting and transferring funds.
Besides being alert to this scam (and you should let your friends and family know as well), you should be aware of a few ways to protect yourself:
But remember, bank fraud can manifest itself in several forms, including:
To protect yourself, use strong, unique passwords for your online banking accounts and never store them in your browser. Also, update your passwords monthly with significant changes to them, using uppercase and lowercase, symbols and numbers that are at least 14 to 16 characters.
Second, always turn on multifactor authentication (MFA) so you’re notified if anyone tries to log into your accounts without your knowledge.
Third, set up alerts for large withdrawals. You can ask your bank to require a physical signature for wire transfers to protect you from someone taking money from your account without your signature.
Fourth, get fraud insurance that specifically covers employee and online theft so you are protected in the event a cybercriminal steals money from your account.
And, as always, make sure you have strong cyber protections in place for ANY device that logs into a bank account or critical application. Far too many businesses think that if their data is “in the cloud,” they are safe. Remember, your bank account is “in the cloud,” and the bank likely has a secure portal, but that doesn’t mean YOU can’t be hacked.
If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.
It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.