New Xbot trojan phishes, steals data, and uses ransomware


Researchers at Palo Alto Networks discovered a new Android trojan dubbed “Xbot” that is capable of phishing for banking credentials, stealing data and using ransomware.

The trojan attempts to steal financial data using phishing pages designed to mimic Google Play's payment interface and the login pages of seven different banking apps, according to a Thursday post.

Xbot will steal a victim's SMS messages and contact information, intercept certain SMS messages, and parse SMS messages for mTANs (Mobile Transaction Authentication Numbers) from banks, researchers said in the post.

“It can also remotely lock infected Android devices, encrypt the user's files in external storage (e.g., SD card), and then ask for a U.S. $100 PayPal cash card as ransom,” researchers wrote.

Currently, the attack doesn't appear to be widespread and mainly targets users in Russia and Australia.

Android devices running version 5.0 or later are protected from some of the trojan's attacks, but all users are vulnerable to at least some of its capabilities, researchers said.
