If you haven’t updated your device recently, you may be at risk of two critical vulnerabilities that could compromise your device’s security. These vulnerabilities have been identified in the Android operating system and are currently being exploited by cybercriminals.
In this article, we will explain the nature of these vulnerabilities and how you can protect yourself by updating your device.
How to Protect and Update your Android Device?
The latest security updates for Android have been released and contain fixes for two critical remote code execution (RCE) vulnerabilities that impact Android devices running versions 11, 12, 12L, and 13. It is crucial that Android users update their devices as soon as possible to ensure their security is not compromised.
The March 2023 Android Security Bulletin provides comprehensive details about the security vulnerabilities that affect Android devices. If your Android phone is at patch level 2023-03-05 or later, the issues discussed in the bulletin have been fixed.
The updates have been made available for Android 11, 12, and 13. Most Android device manufacturers were made aware of the issues at least one month before publication; however, not all of them may release the update promptly. It is important that you check for and install any security updates that you are notified about to avoid leaving your device vulnerable.
Finding your Android’s version number, security update level, and Google Play system level is simple. You can access this information in your Settings app. While you will get notifications when updates are available for you, you can also check for updates manually.
How to check for updates on most Android phones:
- Open your Settings app.
- Scroll down and tap on “About phone” or “About device”.
- Tap on “Software updates” to check if there are new updates available for your device.
Note that there may be slight differences based on the brand, type, and Android version of your device.
By ensuring that you update your Android device regularly, you can protect yourself against security vulnerabilities and ensure that your personal information remains safe. So, take a moment to check for updates and stay updated with the latest security patches.
What are the two critical vulnerabilities?
The first vulnerability, identified as CVE-2023-3722, is a remote code execution vulnerability that allows attackers to execute arbitrary code on your device. This vulnerability is caused by a flaw in the Android System UI and can be exploited through a specially crafted file.
The second vulnerability, identified as CVE-2023-3723, is a privilege escalation vulnerability that allows attackers to gain root privileges on your device. This vulnerability is caused by a flaw in the Android kernel and can be exploited through a malicious application.
Both vulnerabilities are classified as critical, meaning that they pose a high risk to your device’s security and should be patched immediately.
How can you protect yourself?
The good news is that Google has already released patches for these vulnerabilities, which are included in the latest Android security update. Therefore, the most effective way to protect your device is to update it to the latest version of Android.
To check if your device is up to date, go to Settings > System > System update. If an update is available, download and install it as soon as possible.
If you are unable to update your device, there are a few steps you can take to minimize your risk:
- Avoid downloading apps from untrusted sources.
- Be cautious of suspicious links and attachments in emails or text messages.
- Use a reputable mobile security solution that can detect and block malicious apps and websites.
Xenomorph Android malware now steals data from 400 banks
Xenomorph is a new Android malware that is capable of stealing sensitive information from over 400 banking applications. The malware has the ability to perform overlay attacks on legitimate banking apps, tricking users into entering their banking credentials. Once the user’s credentials are captured, the malware sends the information to the attacker’s command-and-control (C2) server.
The malware also has other malicious capabilities, such as stealing SMS messages, recording phone calls, and more. Users are advised to download apps only from official app stores and to keep their devices updated with the latest security patches.
This new malware is one of the most dangerous pieces of malware affecting Android users. It is now extremely important that users remain wary of where they download their apps from. It is not recommended that users download apps from random third-party websites or app stores.
According to BleepingComputer, a Google Spokesperson has commented about this new malware, reassuring users that the malicious apps identified in the reports are not on Google Play. Google Play Protect checks Android devices with Google Play Services for potentially harmful apps from other sources. Users are protected by Google Play Protect, which can warn users or block identified malicious apps on Android devices.
However, this is untrue. Researchers found the dropper for the Xenomorph banking Trojan on the Google Play Store under the name Fast Cleaner, pretending to be an application aimed at speeding up the device by removing unused clutter and removing battery optimization blocks.
The reason apps such as these make their way to the Play Store is that they are uploaded to the Play Store before the malware is distributed from the remote server. This makes it hard for Google to determine that such an app has an ulterior motive and allows the threat actor to distribute the dropper. The Fast Cleaner app has now been removed from the Play Store, but not before it was downloaded more than 50,000 times.
Two of the Xenomorph-laced apps are listed below –
- Play Protect (com.great.calm)
- Play Protect (meritoriousness.mollah.presser)
- com.census.turkey
- com.laundry.vessel
- com.tip.equip
- com.spike.old
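The patch-level check and the package list above can be combined into one audit, shown here as an added example that is not part of the original article. It assumes output from `adb shell getprop ro.build.version.security_patch` and `adb shell pm list packages`; the function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Live inputs (workstation with adb installed, USB debugging enabled):
#   adb shell getprop ro.build.version.security_patch
#   adb shell pm list packages

REQUIRED_PATCH="2023-03-05"   # patch level named in the article

# Package names listed in the article as Xenomorph-laced apps.
LISTED_PACKAGES="com.great.calm
meritoriousness.mollah.presser
com.census.turkey
com.laundry.vessel
com.tip.equip
com.spike.old"

# patch_level_ok LEVEL: exit 0 if LEVEL (YYYY-MM-DD) is REQUIRED_PATCH or later.
patch_level_ok() {
    level=$(printf '%s' "$1" | tr -d '\r ')      # adb output may end in CR
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;                            # unparseable: treat as unknown
    esac
    # ISO dates sort chronologically, so compare them as plain integers.
    [ "$(printf '%s' "$level" | tr -d '-')" -ge "$(printf '%s' "$REQUIRED_PATCH" | tr -d '-')" ]
}

# find_listed_packages: reads `pm list packages` output on stdin and prints
# each installed package that exactly matches a name in LISTED_PACKAGES.
find_listed_packages() {
    tr -d '\r' | sed -n 's/^package://p' | grep -Fx -e "$LISTED_PACKAGES" || true
}

# Constructed sample data (not captured from a real device).
SAMPLE_PATCH="2023-02-05"
SAMPLE_PM_OUTPUT="package:com.android.settings
package:com.tip.equip
package:com.tip.equipment
package:com.great.calm"

if patch_level_ok "$SAMPLE_PATCH"; then
    echo "patch level $SAMPLE_PATCH: at or after $REQUIRED_PATCH"
else
    echo "patch level $SAMPLE_PATCH: older than $REQUIRED_PATCH, update needed"
fi
hits=$(printf '%s\n' "$SAMPLE_PM_OUTPUT" | find_listed_packages)
if [ -n "$hits" ]; then
    printf 'listed package installed: %s\n' $hits
fi
```

Matching is on the whole package name, so `com.tip.equipment` in the sample is not reported even though it begins with a listed name.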
How does Xenomorph work?
Xenomorph V3 is deployed by a Zombinder app ‘bound’ to a legitimate app, which downloads, as an ‘update’, an application posing as Google Protect. According to ThreatFabric, Zombinder is an APK binder that allows hackers to deliver malware via trojanized versions of legitimate apps. This makes it less suspicious to the user, who sees the ‘real’ app but is unaware of what is happening in the background.
Once installed, Xenomorph provides the hackers with numerous capabilities and permissions to execute many functions including stealing MFA OTP codes from your 2FA applications.
How to protect yourself from Xenomorph?
For now, it is important that you are wary of the apps you download and the developers that make them. You should be extra cautious when trying out apps with few downloads or negative reviews. Furthermore, it is important that you scan your applications. Thankfully, Malwarebytes has confirmed that their Android applications can detect Xenomorph viruses as Android/Trojan.Dropper.Xeno.
Conclusion
In conclusion, the two critical vulnerabilities identified in the Android operating system pose a serious threat to your device’s security. To protect yourself, it is essential to update your device to the latest version of Android as soon as possible.
Don’t wait until it’s too late – take action today to ensure that your Android device is secure and protected from cyber threats.