New Xbot trojan phishes, steals data, and uses ransomware

Researchers spotted an Android trojan capable of using multiple attacks to steal data.
Researchers spotted an Android trojan capable of using multiple attacks to steal data.

Researchers at Palo Alto Networks discovered a new Android trojan dubbed “Xbot” that is capable of phishing for banking credentials, stealing data and using ransomware.

The trojan attempts to steal financial data using phishing pages designed to mimic Google Play's payment interface and the login pages of seven different banking apps, according to a Thursday post.

Xbot will steal a victim's SMS messages and contact information, intercept certain SMS messages and parse SMS messages for mTANs (Mobile Transaction Authentication Number) from banks, researchers said in the post.

“It can also remotely lock infected Android devices, encrypt the user's files in external storage (e.g., SD card), and then ask for a U.S. $100 PayPal cash card as ransom,” researchers wrote.

Currently, the attack doesn't appear to be widespread and mainly targets users in Russia and Australia.

Android devices running version 5.0 or later are protected from some of the trojan's attacks but all users are vulnerable to at least some of its capabilities, researchers said.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS