Xbot
Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. [1]
ID: S0298
Aliases: Xbot
Type: TOOL
Platforms: Android
Version: 1.1
Alias Descriptions
Name | Description |
---|---|
Xbot | [1] |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Mobile | T1412 | Capture SMS Messages | Xbot steals all SMS message and contact information as well as intercepts and parses certain SMS messages.[1] |
Mobile | T1471 | Encrypt Files for Ransom | Xbot can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.[1] |
Mobile | T1446 | Lock User Out of Device | Xbot can remotely lock infected Android devices and ask for a ransom.[1] |
Mobile | T1411 | User Interface Spoofing | Xbot uses phishing pages mimicking Google Play's payment interface as well as bank login pages.[1] |