Xbot, A New Trojan Virus That Hijacks Your Banking Details And Forces You To Pay $100

Every advantage comes with a disadvantage: the same ability to customize and tweak Android devices can also be used to intrude on them and create havoc.

The malware making the rounds now is called Xbot. As the name suggests, Xbot is a virus that spies on your activities on your phone and locks the phone automatically. Not only that, it demands payment before the phone will be unlocked. The malware is really dangerous because it also steals your banking information and behaves as ransomware, locking you out of your device and forcing you to pay the sum of $100 via PayPal. The information stolen by the virus is sent to Xbot's C&C server and gets encrypted.

This dangerous Trojan also uses a technique called activity hijacking to tap the personal details stored on your device, such as credit card information, online banking details and all your passwords.

It clones your online banking application whenever you want to use it. You won't notice this, because you will think you are launching the real application when it is actually the cloned app, so it hijacks the main app and transfers it to the Xbot server via WebView. It also collects all the contact names and numbers on your phone and uploads them to its C2 server, and it does the same with the SMS messages on your device.


According to researchers at Palo Alto Networks in their blog post:

"While Android users running version 5.0 or later are so far protected from some of Xbot’s malicious behaviors, all users are vulnerable to at least some of its capabilities. As the author appears to be putting considerable time and effort into making this Trojan more complex and harder to detect, it’s likely that its ability to infect users and remain hidden will only grow, and that the attacker will expand its target base to other regions around the world"

From the above statement, you can see that those using Android 5.0 and above are better protected from this wicked virus, while those still stuck on older Android versions such as Jelly Bean and KitKat are more exposed to this malware's attacks. It is therefore advisable to upgrade to Android Lollipop or Android Marshmallow as soon as possible if your phone receives OTA updates; if it doesn't, read through the prevention methods below.

This prevention method is applicable to all Android devices, including later versions.
The Trojan has reportedly been seen in Russia and Australia, and it is still spreading every day all over the world. If your phone and your personal details, including your online banking data, are important to you, then take some precautionary measures: do not download or install applications from an unknown source unless you are 100% sure of the app you are downloading.

In fact, disable the installation of applications from unknown sources by navigating to Settings > Security > Unknown Sources, so that you won't give an application administrative privileges.
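An added example, not part of the original post: a shell script that checks a phone connected over adb for the two exposure factors described above, an Android version below 5.0 (API level 21) and the Unknown Sources setting being on. The function names and finding labels are this example's own, and the values used in the default run are constructed.

```shell
#!/bin/sh
# Added example: audit the two exposure factors the article names.
# API level 21 is Android 5.0. Finding labels are this example's own.

# classify <api_level> <install_non_market_apps value>
# Prints "OK" or a space-separated list of findings.
classify() {
    api=$1 unknown=$2 out=""
    case $api in
        ''|*[!0-9]*) echo "API_LEVEL_UNREADABLE"; return 0 ;;
    esac
    if [ "$api" -lt 21 ]; then
        out="OS_BELOW_5_0"
    fi
    # Android 8.0 (API 26) replaced the global toggle with a per-app
    # permission, so the setting is only meaningful below that level.
    if [ "$api" -lt 26 ] && [ "$unknown" = "1" ]; then
        out="${out:+$out }UNKNOWN_SOURCES_ON"
    fi
    echo "${out:-OK}"
}

# Read both values from the device attached over adb (USB debugging on).
audit_device() {
    api=$(adb shell getprop ro.build.version.sdk | tr -d '\r')
    unknown=$(adb shell settings get secure install_non_market_apps | tr -d '\r')
    # API levels 17-20 kept the toggle in the "global" namespace.
    case $unknown in
        0|1) ;;
        *) unknown=$(adb shell settings get global install_non_market_apps | tr -d '\r') ;;
    esac
    classify "$api" "$unknown"
}

if [ "${1:-}" = "--device" ]; then
    audit_device
else
    # Constructed sample values, not readings from a real phone.
    echo "KitKat, toggle on:    $(classify 19 1)"
    echo "Lollipop, toggle off: $(classify 22 0)"
fi
```

Run it with `--device` to query the attached phone; without arguments it only classifies the constructed samples.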

Stay safe!!!

1 comment:

  1. Besides storing my account numbers in my phone as contacts, I don't have any other info as per my banking details.

    Could I be hacked via those numbers?