If you have an App installed on your Android phone called “ToDo: Day Manager” then delete it now. According to leading cloud security company Zscaler and reported on by Laptop Mag (opens in new tab), it is one of 50+ apps its Techlabz team have found to be ‘Trojan droppers.'
How does the Xenomorph Trojan work?
Despite posing as an innocuous planning app, ToDo: Day Manager installs a particularly nasty trojan known as the Xenomorph. Upon installation, the app, which has over 1,000 downloads asks for extensive permissions in your device and installs itself as an admin, refusing to surrender control. Those who accept will likely have had their banking details compromised as this is what it has been found to prioritize (although it also can access your SMS and other messages). The Xenomorph will in fact overlay fake login screens onto your banking apps, stealing your login information. Zscaler have found that the Xenomorph trojan is very similar to the Coper banking trojan that surfaced a few months ago with the Techlabz team finding it also “sourced its malware payload from the Github repo.”
What can I do to protect myself?
Thankfully, Google has now removed the app from the Google Play Store, but this is far from the first breach of its security. As users, we must remain savvy to the red flags of suspicious apps. A common protective measure is to never allow permissions to an unknown app, especially if it seems irrelevant to the service it offers. Why would a calendar app require access to your camera or messages, for example. It can be a pain but using different passwords for each login is a crucial part of cybersecurity and staying safe. We recommend using one of the best password managers and making sure each password is individually strong. It’s also worth downloading one of the best Android antivirus apps if you want an extra layer of protection.