New Android Trojan Malware Attempts to get your Banking Info

February 19, 2016 - Written By Alexander Maxham

When it comes to smartphones, what is the one thing that everyone is afraid of? That would be viruses, malware and vulnerabilities. In other words, security. We’ve seen a number of vulnerabilities surface in recent months, and now another piece of malware has surfaced. This time it’s the “Xbot” trojan malware and it’s coming out of Russia. It appears that this piece of malware is targeting Russian and Australian users, and it is found in apps that are not in the Google Play Store, but rather in smaller app stores in those countries.

This Xbot trojan actually attacked the Hollywood Presbyterian Medical Center and locked them out of their own computer system. The Hollywood Presbyterian Medical Center ended up paying nearly $17,000 to get back into their system. As you can imagine, that was a pretty big deal for a medical center to be locked out of their entire computer system. Xbot has the ability to do that, and much more. It can mimic official payment registration pages, which lets it record your credit card and banking credentials if you’re buying something online. It also goes through your SMS and contacts, as most other trojans do. This part is a new one, though: it can actually hold your smartphone for ransom.

How exactly does it hold your smartphone for ransom? Well, it works through a masked app, which asks the user to authorize something as a device admin. After it has been authorized, the app executes some code that silences the ringer, sets the password to “1811blabla” and finally takes you to the lock screen. Next, the user is directed to a webpage that claims to be from “Cryptolocker”, which the user is not able to exit from. Xbot also encrypts the internal and external storage. Finally, the user is directed to purchase a $100 PayPal My Cash Card and then input the card number within the next five days. Cryptolocker says that if you don’t do that, you’ll lose the data.
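
As an added illustration (not from the original article and not taken from any Xbot sample), a defender triaging a sideloaded APK could check its decoded manifest for the capabilities described above: a device admin receiver, device admin policies that allow resetting the password and locking the screen, and SMS and contacts access. The manifest, package name and policy file below are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Device admin policies that allow changing the lock password and locking the screen.
LOCKOUT_POLICIES = {"reset-password", "force-lock"}
DATA_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.READ_CONTACTS"}

# Constructed sample input: a decoded AndroidManifest.xml and its device admin policy file.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sideloaded">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin" android:resource="@xml/policies"/>
    </receiver>
  </application>
</manifest>"""
SAMPLE_POLICIES = ("<device-admin><uses-policies>"
                   "<reset-password/><force-lock/>"
                   "</uses-policies></device-admin>")

def triage(manifest_xml, policies_xml=None):
    """Return a sorted list of findings for one decoded APK."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    # Permissions that give access to SMS and contacts.
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    for perm in requested & DATA_PERMISSIONS:
        findings.add("reads personal data: " + perm)
    # A receiver guarded by BIND_DEVICE_ADMIN means the app can ask to become a device admin.
    for receiver in root.iter("receiver"):
        if receiver.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            findings.add("declares device admin receiver: " + str(receiver.get(ANDROID + "name")))
    # The policy file lists what the app may do once the user grants admin rights.
    if policies_xml is not None:
        used = {e.tag for e in ET.fromstring(policies_xml).iter()}
        for policy in used & LOCKOUT_POLICIES:
            findings.add("device admin policy: " + policy)
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(SAMPLE_MANIFEST, SAMPLE_POLICIES):
        print(finding)
```

Legitimate apps such as device management agents also request these capabilities, so the findings are a prompt for closer review of an app from an untrusted store, not a verdict.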

This can be a pretty scary piece of malware, and it’ll likely get a few people to buy that $100 PayPal My Cash Card, unfortunately. A good rule of thumb to remember here is to never install apps that are not from the Play Store. As mentioned earlier, Xbot is only affecting those apps that are from other app stores, where security may not be as big of an issue. That is another good reason not to sideload apps onto your smartphone.