There are many families of Android malware, written by attackers for different purposes. Some are mere adware built to bombard your device with unwanted ads; others are more dangerous and spy on you, recording and reporting your every move.
Just yesterday, we informed you about a new Android malware spreading through SMS, and now there’s another one out there. Xbot is really dangerous: it steals your banking information and acts as ransomware, locking down your device and forcing you to pay.
Fortunately, it’s not yet widespread: it is presently in Australia and Russia only, but there are chances the attackers might want to expand operations to other regions. According to researchers at Palo Alto Networks, in a blog post on their website, the authors are putting a lot of time and effort into making the Trojan harder to detect. The researchers say they’ve seen 22 applications infected with Xbot, but these are distributed directly from the developer’s server, not through the Play Store.
According to researchers at Palo Alto Networks:
While Android users running version 5.0 or later are so far protected from some of Xbot’s malicious behaviors, all users are vulnerable to at least some of its capabilities. As the author appears to be putting considerable time and effort into making this Trojan more complex and harder to detect, it’s likely that its ability to infect users and remain hidden will only grow, and that the attacker will expand its target base to other regions around the world.
Apart from stealing your information and sending it to Xbot’s C&C server, the Trojan can lock you out of your device and force you to pay $100 through PayPal.
Xbot uses an activity hijacking technique
The Trojan also employs a method called activity hijacking to steal personal details, credit card information and online banking details. This is how it works: you try to launch your online banking application, but the activity is hijacked and you end up launching a clone of that app that is actually being served through WebView. Prior to Android 5.0 Lollipop this was quite possible, but Google has since updated the Android OS to combat this type of attack. This is one of the reasons you should always update your device to the latest firmware version.
Researchers also say Xbot is capable of stealing your contacts list and reading SMS. Access to SMS makes it quite effective, as it lets the attacker easily bypass two-factor authentication.
How to protect yourself
As mentioned in the blog post yesterday, you shouldn’t install applications from unknown sources unless you’re a power user and you know exactly what you’re doing. To keep unwanted applications off your device, disable installation of applications from unknown sources by heading to Settings > Security > Unknown Sources. Be sure the box is unchecked.
As explained earlier, running Android Lollipop also ensures some degree of security. You should endeavor to have the latest version of the Android OS installed on your device. Also, don’t give any application administrator privilege unless it’s from a trusted source.
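
The checks above can be run as a quick device audit. The script below is an added example, not code from this article or from Palo Alto Networks: it reads text in the format printed by `adb shell pm list packages -3 -i` (third-party packages with their installer) and flags apps that did not come from the Play Store and also read SMS or hold administrator privilege. The package names, permission map, administrator list and SDK level are constructed sample input.

```python
import re

PLAY_STORE = "com.android.vending"   # installer name recorded for Google Play installs
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
LOLLIPOP_SDK = 21                    # API level of Android 5.0

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` style text."""
    installers = {}
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            installers[match.group(1)] = match.group(2)
    return installers

def triage(pm_output, permissions, device_admins, sdk_level):
    """Return {package: [reasons]} for sideloaded apps with SMS or admin access."""
    findings = {}
    for pkg, installer in parse_installers(pm_output).items():
        if installer == PLAY_STORE:
            continue
        reasons = []
        if SMS_PERMS & set(permissions.get(pkg, ())):
            reasons.append("can read SMS, so two-factor codes are exposed")
        if pkg in device_admins:
            reasons.append("holds device administrator privilege")
        if not reasons:
            continue  # sideloaded, but none of the traits described in the article
        reasons.insert(0, "not installed by the Play Store (installer=%s)" % installer)
        if sdk_level < LOLLIPOP_SDK:
            reasons.append("device runs a version below Android 5.0")
        findings[pkg] = reasons
    return findings

# Constructed sample input (hypothetical package names).
SAMPLE_PM = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.notes  installer=null
"""
SAMPLE_PERMS = {
    "com.example.flashupdate": ["android.permission.READ_SMS",
                                "android.permission.INTERNET"],
    "com.example.notes": ["android.permission.INTERNET"],
}
SAMPLE_ADMINS = {"com.example.flashupdate"}

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PM, SAMPLE_PERMS, SAMPLE_ADMINS, 19).items():
        print(pkg)
        for reason in reasons:
            print("  - " + reason)
```

A flagged package is a candidate for review, not a verdict: legitimate sideloaded apps can also request SMS access.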