Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. [1]

ID: S0298
Type: TOOL
Version: 1.0
Created: 25 October 2017
Last Modified: 24 October 2022

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1471 | Data Encrypted for Impact | Xbot can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.[1] |
| Mobile | T1642 | Endpoint Denial of Service | Xbot can remotely lock infected Android devices and ask for a ransom.[1] |
| Mobile | T1417.002 | Input Capture: GUI Input Capture | Xbot uses phishing pages mimicking Google Play's payment interface as well as bank login pages.[1] |
| Mobile | T1636.004 | Protected User Data: SMS Messages | Xbot steals all SMS messages and contact information, and intercepts and parses certain SMS messages.[1] |