Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

Xbot

Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. [1]

ID: S0298
Aliases: Xbot
Type: TOOL
Platforms: Android

Version: 1.1

Alias Descriptions

NameDescription
Xbot[1]

Techniques Used

DomainIDNameUse
MobileT1412Capture SMS MessagesXbot steals all SMS message and contact information as well as intercepts and parses certain SMS messages.[1]
MobileT1471Encrypt Files for RansomXbot can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.[1]
MobileT1446Lock User Out of DeviceXbot can remotely lock infected Android devices and ask for a ransom.[1]
MobileT1411User Interface SpoofingXbot uses phishing pages mimicking Google Play's payment interface as well as bank login pages.[1]

References