Android MysteryBot Banking Malware Is Worse Than LokiBot


New Android malware similar to LokiBot has been identified, and it also targets the banking sector. Last year, LokiBot horrified everyone: the banking Trojan could transform itself into ransomware and updated itself every week to strengthen its hold on affected systems. Now LokiBot seems to have a sibling, as another banking Trojan, MysteryBot, steps in to target Android devices.

MysteryBot – Android’s New Malware

Security researchers have discovered another Android Trojan that poses a threat to banking apps. Named ‘MysteryBot’ by ThreatFabric, it targets Android 7 and 8 devices worldwide.

As revealed by researchers, MysteryBot appears somewhat similar to LokiBot, but it also differs in some ways, such as how it uses network communication. However, deeper analysis linked it to the same C&C server that LokiBot uses. So either the same actor created it, or it is an improved version of LokiBot.

The malware exhibits exceptional capabilities, taking complete control of the affected device. It can make calls from the phone, access phonebook details, copy text messages, manage call forwarding, and work as a keylogger. It can also encrypt all files in external storage and delete contact details from the device.

As for its point of entry, the malware enters the device disguised as Adobe Flash Player. It uses a new technique because of the advancements made in Android 7 and 8.

“With the introduction of the version 7 and 8 of Android, the previously used overlay techniques were rendered inaccessible, forcing the financially motivated threat actors to find a new way to use overlays in their banking malware.”

The researchers further explained,

“A new technique has been conceived and is currently being used, it abuses the Android PACKAGE_USAGE_STATS permission (commonly named Usage Access permission).
The code of MysteryBot has been consolidated with the so-called PACKAGE_USAGE_STATS technique. Because abusing this Android permission requires the victim to provide the permissions for usage, MysteryBot employs the popular AccessibilityService, allowing the Trojan to enable and abuse any required permission without the consent of the victim.”
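
For defenders triaging a suspicious APK, the pairing the researchers describe (Usage Access plus an accessibility service) can be checked in a decoded AndroidManifest.xml. The following is an added example, not ThreatFabric's or the article's code; the function name, the capability mapping and the sample manifest are assumptions made for illustration, and a match is a reason to review an app, not proof that it is malicious.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
USAGE_STATS = "android.permission.PACKAGE_USAGE_STATS"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
# Permissions matching capabilities the article lists (mapping chosen for this example).
CAPABILITIES = {
    "android.permission.CALL_PHONE": "place calls",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.WRITE_CONTACTS": "modify or delete contacts",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write to external storage",
}

def triage_manifest(manifest_xml):
    """Summarise a decoded manifest; 'review' is True for the described pairing."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE
    # whose intent filter handles the AccessibilityService action.
    a11y = [
        s.get(ANDROID + "name")
        for s in root.iter("service")
        if s.get(ANDROID + "permission") == BIND_A11Y
        and any(a.get(ANDROID + "name") == A11Y_ACTION for a in s.iter("action"))
    ]
    return {
        "package": root.get("package"),
        "usage_stats": USAGE_STATS in perms,
        "accessibility_services": a11y,
        "capabilities": sorted(CAPABILITIES[p] for p in perms if p in CAPABILITIES),
        "review": USAGE_STATS in perms and bool(a11y),
    }

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashupdate">
  <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <service android:name=".HelperService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```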

MysteryBot Will Target Several Banking Apps

Although the malware can do pretty much whatever it likes after infecting the device, its primary goal is supposedly to target banking apps. The researchers have given a long list of such applications that might be the specific target of this malware.

MysteryBot can perform mobile banking activities without the victim’s knowledge or consent. As everything will be performed in a seemingly legit way through the victim’s device, the financial institutions will face difficulties in detecting malicious actions.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]