1. Home
  2. Software
  3. Xbot

Xbot

Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. [1]

ID: S0298
Type: TOOL
Version: 1.0
Created: 25 October 2017
Last Modified: 25 April 2025
Version Permalink
Mobile Layer
download view

Techniques Used

Domain ID Name Use
Mobile T1471 Data Encrypted for Impact

Xbot can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.[1]
Mobile T1642 Endpoint Denial of Service

Xbot can remotely lock infected Android devices and ask for a ransom.[1]
Mobile T1417 .002 Input Capture: GUI Input Capture

Xbot uses phishing pages mimicking Google Play's payment interface as well as bank login pages.[1]
Mobile T1636 .004 Protected User Data: SMS Messages

Xbot steals all SMS message and contact information as well as intercepts and parses certain SMS messages.[1]

References

  1. Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016.