
Xenomorph Malware Strikes Again: Over 30 US Banks Now Targeted

25 September 2023


AMSTERDAM, Monday 25th September - As digital adversaries evolve, ThreatFabric's vigilant cyber fraud analysts have uncovered the latest wave of the Xenomorph malware, with over 30 US banks now directly targeted in the recent expansion into the US.

Drawing a parallel to its cinematic counterpart from Ridley Scott's iconic 1979 film "Alien," the Xenomorph malware's relentlessness is both eerie and alarming. First identified by ThreatFabric in February 2022, this digital menace has made a formidable return. 

Recent investigations reveal: 

  • A robust distribution campaign utilizing phishing web pages to lure victims into downloading malicious APKs
  • An enlarged target list, with Xenomorph now laying siege to financial institutions in the United States, Portugal, and several cryptocurrency wallets
  • Active campaigns causing thousands of Xenomorph downloads, especially in Spain and the US 

Echoing a broader transatlantic malware trend, Xenomorph's spread aligns with patterns seen in other malicious software families, including dominant Malware-as-a-Service (MaaS) names like Octo, Hydra, and Hook, as well as renowned private entities like Anatsa. 

ThreatFabric remains at the forefront of cyber defense, arming institutions and individuals with critical insights to combat the shifting sands of cyber threats.


About ThreatFabric 

Founded in 2015 and headquartered in Amsterdam, ThreatFabric is a fast-growing fraud company and one of Europe’s thought leaders in online fraud detection and intelligence. ThreatFabric’s Fraud Risk Suite enables safe & frictionless payment journeys by integrating industry-leading threat intelligence, behavioral analytics, advanced device fingerprinting, and 10,000+ adaptive fraud indicators.

