Android has long been a favorite target of attackers, who introduce malware to it in various ways. A new Trojan has surfaced on Android that can steal all your bank details, hold your files hostage, and then demand a ransom.

New Android Trojan Steals Your Banking Details and Encrypts Devices for Ransom

Security researchers have found new Android malware called Xbot, which steals banking details and also acts as ransomware. It was first found by the Unit 42 security team at Palo Alto Networks, who said that more than 20 Android apps contain this malware so far. The research further states that the developer is rapidly expanding its capabilities.


The researchers at Palo Alto Networks said that this malware is not spread across the world; they found that it mainly targets Android users in Russia and Australia. They assume that it might spread worldwide in order to expand its target base.

Security researchers at Palo Alto Networks said, “As the author appears to be putting considerable time and effort into making this Trojan more complex and harder to detect, it’s likely that its ability to infect users and remain hidden will only grow.”

Fake Google Play payment pages. (Image Palo Alto)

This malware uses a method called “Activity Hijacking” to steal banking credentials and personal information on Android. It lets the malware launch a different action when it detects someone attempting to open an application. Users do not realize that they are in fact using the malicious program.

Activity hijacking works largely because of features in Android versions below 5.0. Google has taken some measures to protect its users from this Trojan, but it can still affect older or non-updated devices, which are likely to fall into its trap.

One of the attacks carried out by Xbot is to detect which app the user has launched. If it is a banking app, the Trojan interferes and displays an interface that hides the actual app.

Researchers at Palo Alto stated, “So far we’ve found 7 different faked interfaces. We identified 6 of them – they’re imitating apps for some of the most popular banks in Australia. The interfaces are very similar to these banks’ official apps’ login interfaces. If a victim fills out the form, the bank account number, password, and security tokens will be sent to the command-and-control server.”

CryptoLocker Demanding Ransom (Image Palo Alto)

Xbot also displays an interface via WebView claiming that your device and the files on it are encrypted with CryptoLocker (a noted ransomware service). Ransomware mainly encrypts files and then forces the user to pay, in this case $100 via a cloned PayPal website, in order to get the decryption key.

The researchers from Palo Alto further stated that Xbot usually encrypts files present in the device's external storage. Also, the algorithm used by Xbot is not very strong, and it would be possible to recover the files if they are locked by this CryptoLocker screen.

Xbot also has the capability to steal personal information such as SMS messages, the phone number, and contacts, and to send the data to the attackers.

So, we advise you to download apps only from Google Play. However, experts claim that this Trojan is growing rapidly.

