Xbot Ransomware Also Steals Online Banking Credentials

March 11, 2016

Yes. They are still making new types of malware to steal banking login credentials. This time, one being called Xbot is targeting Android users, primarily in Australia and Russia. However, as we know, it’s likely to make its way all over the globe soon. So, it’s best to know about it now and be prepared.

This one has many talents. It can impersonate installed apps with fake login screens to trick users into entering their credentials. It can also encrypt files and hold them for ransom (ransomware), and even scrape the device for personal details such as contacts, text messages, and phone details.

There are several lessons here. First, this one takes advantage of security flaws in Android versions prior to 5.0. Google has since fixed the issue, but anyone who has not updated their device should not delay. Xbot is not the only malware that can take advantage of devices that are not updated; anything released earlier that exploited those older versions is possibly still out there and can strike at any time. So if an operating system update or patch is available for any of your devices, install it rather than risk becoming a victim.

Secondly, do regular backups of all devices. This makes it simple to recover should ransomware strike. Rather than paying money to unscrupulous criminals, you can simply restore from one of your backups. Paying only encourages more bad behavior and does not guarantee you will get the decryption key.

Xbot also monitors the user’s apps, and if one it is looking for is launched, it opens a WebView that imitates that app. A form then appears asking for login and other sensitive details. So pay attention to what your financial apps look like, and if you notice any small differences, question it. Perhaps wait until you get to a computer at home, or confirm that the app itself has actually been updated, before putting in sensitive details.
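The overlay pattern described above (a financial app comes to the foreground, and moments later a different package draws a login screen on top of it) is something a monitoring tool can look for. The following is an added example, not code from this article or from Xbot itself. It assumes a constructed trace of foreground-activity changes in the form `<seconds> <package>/<activity>`; the package names, the two-second window, and the launcher allowlist are all assumptions made for the example. On a real device this trace would come from something like an accessibility service or usage statistics, which is out of scope here.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ActivityEvent:
    ts: float        # seconds since boot (constructed timestamps)
    package: str     # Android package that took the foreground
    activity: str    # activity within that package


# Hypothetical package names for the apps we want to protect (assumption).
PROTECTED_PACKAGES = {"com.example.bank", "com.example.wallet"}

# Packages that legitimately take the foreground when the user leaves an app
# (pressing Home, pulling down the shade). Assumed names, not a complete list.
IGNORED_PACKAGES = {"com.android.launcher", "com.android.systemui"}


def parse_events(trace: str) -> List[ActivityEvent]:
    """Parse lines of the form '<ts> <package>/<activity>' into events.

    The line format is constructed for this example; it is not a real
    Android log format.
    """
    events = []
    for line in trace.strip().splitlines():
        ts, component = line.split()
        package, activity = component.split("/", 1)
        events.append(ActivityEvent(float(ts), package, activity))
    return events


def find_overlays(
    events: List[ActivityEvent], window: float = 2.0
) -> List[Tuple[ActivityEvent, ActivityEvent]]:
    """Return (protected_event, overlay_event) pairs.

    A pair is reported when a protected app comes to the foreground and,
    within `window` seconds, a different, non-launcher package takes the
    foreground from it. Switching back to the launcher ends the window,
    since that is the user leaving the app rather than something covering it.
    """
    hits = []
    for i, ev in enumerate(events):
        if ev.package not in PROTECTED_PACKAGES:
            continue
        for later in events[i + 1:]:
            if later.ts - ev.ts > window:
                break                       # too late to be the overlay
            if later.package == ev.package:
                continue                    # same app navigating internally
            if later.package in IGNORED_PACKAGES:
                break                       # user went home; not an overlay
            hits.append((ev, later))
            break
    return hits


# Constructed sample trace: one genuine overlay, one internal navigation,
# and one ordinary Home press, to show the heuristic telling them apart.
SAMPLE_TRACE = """
10.0 com.android.launcher/.Launcher
12.0 com.example.bank/.LoginActivity
12.3 com.evil.overlay/.FakeLoginWebView
20.0 com.example.bank/.LoginActivity
20.4 com.android.launcher/.Launcher
40.0 com.example.wallet/.MainActivity
40.5 com.example.wallet/.PinActivity
48.0 com.android.launcher/.Launcher
"""


if __name__ == "__main__":
    for victim, overlay in find_overlays(parse_events(SAMPLE_TRACE)):
        print(
            f"{overlay.package}/{overlay.activity} covered {victim.package} "
            f"{overlay.ts - victim.ts:.1f}s after it launched"
        )
```

Run as a script it reports only the `com.evil.overlay` event; the in-app move from `MainActivity` to `PinActivity` and the quick return to the launcher are not flagged. The window length and the allowlist are the tuning knobs: too short a window misses a slow overlay, too long a one turns ordinary app switching into noise.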

Always install apps from the official app stores. They have more stringent controls on what can be in them, so the chances of downloading a malicious app are lower. Sideloading is not recommended: anyone can put an app on a website, and while many of those are just fine, an app distributed that way does not have to pass the checks it would face in the app stores. Make sure you read reviews of the apps, and if they give you any reason to doubt the legitimacy of the product, just don’t do it.

In this case, the real apps are not changed in any way by the malware. However, if you use good judgment, you can avoid any issues in the first place.

© Copyright 2016 Stickley on Security