Android Malware Capable Of Stealing Bank Details Discovered, Details Here
A new Android malware has been discovered that combines a banking trojan, ransomware, and a keylogger in one package. ThreatFabric’s security researchers found the new malware, called MysteryBot. The researchers initially considered it an updated version of LokiBot, but MysteryBot has various new features and targets smartphones running Android 7.x or Android 8.x.
According to ThreatFabric, MysteryBot and LokiBot run on the same command and control (C&C) server, which indicates that there may be a strong link between the two forms of malware, or that they may have been developed by the same attacker.
MysteryBot can take control of the user’s phone and has Android banking trojan functionality, along with keylogging and ransomware functionality. It is even more dangerous because it has commands that can steal a user’s emails and remotely start applications.
The malware is still in its development phase, which is why it does not have these tools activated yet. MysteryBot can target the latest Android versions, such as Nougat and Oreo. According to ThreatFabric’s security researchers, the malware uses overlay screens that look like real bank sites and are run by the attackers.
‘Package Usage Stats’ is a service permission that can be accessed through the Accessibility Service permission on Android phones, and this allows the trojan to enable and use other permissions without the user’s consent.
As mentioned above, the malware includes a keylogger, and its keylogging techniques were not previously known to the researchers. The keylogger is still under development, as there is not yet any method to send the logs to the C2 server.
Alongside the keylogger and banking trojan, MysteryBot has built-in ransomware that encrypts the files in the external storage directory, after which the original files are deleted. According to the researchers, the encryption process puts each file in an individual password-protected ZIP archive, and the password is the same for all ZIP archives. When the process is completed, the user is shown a dialog accusing him/her of having watched pornographic material.
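A defender-side triage check for the ransomware behaviour described above, as an added example that is not from ThreatFabric or the original article: it walks a directory copied off the device and counts files that are ZIP archives holding exactly one password-protected entry. It assumes the archives are standard ZIPs with the encryption flag set; the function names and thresholds are illustrative.

```python
import os
import sys
import zipfile

# Bit 0 of a ZIP entry's general-purpose flags marks it as password protected.
ENCRYPTED_FLAG = 0x1


def is_single_encrypted_zip(path):
    """True if path is a ZIP with exactly one entry and that entry is encrypted."""
    try:
        # Check content, not extension: the article does not say how files are named.
        if not zipfile.is_zipfile(path):
            return False
        with zipfile.ZipFile(path) as zf:
            entries = zf.infolist()  # reads metadata only, no password needed
    except (OSError, zipfile.BadZipFile):
        return False
    return len(entries) == 1 and bool(entries[0].flag_bits & ENCRYPTED_FLAG)


def triage(root, threshold=0.5, min_files=4):
    """Walk root and report how much of it matches the one-file-per-locked-ZIP pattern.

    threshold and min_files are assumed values, chosen to avoid flagging a
    directory that merely contains one or two legitimate encrypted archives.
    """
    total, matches = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            full = os.path.join(dirpath, name)
            if is_single_encrypted_zip(full):
                matches.append(full)
    ratio = len(matches) / total if total else 0.0
    return {
        "total": total,
        "matches": matches,
        "ratio": ratio,
        "suspicious": total >= min_files and ratio >= threshold,
    }


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(report['matches'])}/{report['total']} files match; "
          f"suspicious={report['suspicious']}")
```

A match only shows the storage layout the researchers describe; it does not recover the files or identify the password.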
Because MysteryBot is still under development, it has not spread so far. Even so, users should stay alert and avoid downloading any apps that ask for an excessive number of permissions. Users should install applications from trusted sources such as Google Play in order to keep their devices safe.