Register to stream ATT&CKcon 2.0 October 29-30


Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. [1]

ID: S0298
Type: TOOL
Platforms: Android
Version: 1.1

Techniques Used

Domain ID Name Use
Mobile T1412 Capture SMS Messages Xbot steals all SMS message and contact information as well as intercepts and parses certain SMS messages. [1]
Mobile T1471 Encrypt Files Xbot can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom. [1]
Mobile T1446 Lock User Out of Device Xbot can remotely lock infected Android devices and ask for a ransom. [1]
Mobile T1411 User Interface Spoofing Xbot uses phishing pages mimicking Google Play's payment interface as well as bank login pages. [1]