Alien Android Banking Botnet
The Alien Android botnet targets Android devices and allows its operators to remotely control compromised devices. Known for its advanced capabilities and stealthy operation, it is often used to retrieve sensitive information, intercept communications, and conduct other activities.
The Alien Android botnet emerged in late 2020, discovered by cybersecurity researchers who noted its similarities to the Cerberus banking tool. Following the takedown of Cerberus, its source code leaked, laying the groundwork for the creation of Alien. This leak allowed Alien's creators to adopt and improve many of the sophisticated features that made Cerberus effective.
![[Image: Alien-Android-Banking-Botnet.webp]](https://blackhatindian.com/image/Alien-Android-Banking-Botnet.webp)
Features:
Overlaying: Dynamic (Local injects obtained from C2)
Keylogging
Remote access
SMS harvesting: SMS listing
SMS harvesting: SMS forwarding
Device info collection
Contact list collection
Application listing
Location collection
Overlaying: Targets list update
SMS: Sending
Calls: USSD request making
Calls: Call forwarding
Remote actions: App installing
Remote actions: App removal
Remote actions: Showing arbitrary web pages
Remote actions: App starting
Self-protection: Emulation-detection
Self-protection: Preventing removal
Self-protection: Hiding the App icon
C2 Resilience: Auxiliary C2 list
Notifications: Push notifications