Researchers at Palo Alto Networks discovered a new Android trojan dubbed “Xbot” that is capable of phishing for banking credentials, stealing data and using ransomware.
The trojan attempts to steal financial data using phishing pages designed to mimic Google Play's payment interface and the login pages of seven different banking apps, according to a Thursday post.
Xbot will steal a victim's SMS messages and contact information, intercept certain SMS messages and parse SMS messages for mTANs (Mobile Transaction Authentication Number) from banks, researchers said in the post.
“It can also remotely lock infected Android devices, encrypt the user's files in external storage (e.g., SD card), and then ask for a U.S. $100 PayPal cash card as ransom,” researchers wrote.
Currently, the attack doesn't appear to be widespread and mainly targets users in Russia and Australia.
Android devices running version 5.0 or later are protected from some of the trojan's attacks but all users are vulnerable to at least some of its capabilities, researchers said.