Monday, 22 February 2016

Android Users Beware! This Trojan Will Hijack Your Banking Details & Log You Out of Your Device "Xbot"

I don’t know why Android is so vulnerable to attacks from hackers… that was why I asked if you still believe that Blackberry 10 will live on.


To all Android users, there is another dangerous malware in town called Xbot. Xbot is really dangerous as it steals your banking information and acts as ransomware, locking down your device and forcing you to pay.

Apart from stealing your information and sending it to Xbot’s C&C server, the Trojan can lock you out of your device and force you to pay $100 through PayPal.

The Trojan also employs a method called activity hijacking to steal personal details, credit card information and online banking details.

How Does it Work?

You’re trying to launch your online banking application, but the activity is hijacked and you end up launching a clone of that app that’s actually being served through WebView. Xbot has some additional capabilities. It will collect all contacts’ names and phone numbers and upload them to its C2 server, as well as all new SMS messages.
According to researchers at Palo Alto Networks in their blog post:


While Android users running version 5.0 or later are so far protected from some of Xbot’s malicious behaviors, all users are vulnerable to at least some of its capabilities. As the author appears to be putting considerable time and effort into making this Trojan more complex and harder to detect, it’s likely that its ability to infect users and remain hidden will only grow, and that the attacker will expand its target base to other regions around the world…
This means that if you are running an Android version below 5.0, you are more exposed to this attack. This is one of the major reasons Google normally updates its OS to combat this kind of attack. I advise you to upgrade to the latest Android OS if an upgrade is available for your device. Sticking to Android KitKat is not the way forward but the way backward.

How Do You Protect Yourself?

The Trojan is currently in Russia and Australia and it keeps spreading every day… Take precautions, and do not download applications from an unknown source unless you are geekier than the geek.

Disable installation of applications from unknown sources by going to Settings > Security > Unknown Sources, and do not give an application administrative privileges.
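The two checks above can also be audited from a computer over adb. The script below is an added example, not part of the original post or of the Palo Alto Networks report; the allowlist, the package com.example.flashupdate and the sample dumpsys text are constructed, and the layout of the "Enabled Device Admins" section is an assumption that can differ between Android versions.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: ./audit.sh --live
# --live needs adb and USB debugging; without it the constructed SAMPLE is used.

# Map the install_non_market_apps setting value to a state ("1" = sideloading allowed).
unknown_sources_state() {
    case "$1" in
        1) echo "ENABLED" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Read `dumpsys device_policy` text on stdin; print each enabled admin as package/receiver.
# Assumes admins appear as indented "pkg/class:" lines after "Enabled Device Admins".
device_admins() {
    awk '/Enabled Device Admins/ { seen = 1; next }
         seen && /^[ \t]+[A-Za-z0-9_.]+\/[A-Za-z0-9_.$]+:[ \t\r]*$/ {
             gsub(/^[ \t]+|:[ \t\r]*$/, ""); print
         }'
}

# Read admin components on stdin; print those whose package is not in the
# space-separated allowlist passed as $1.
unexpected_admins() {
    while IFS= read -r comp; do
        case " $1 " in
            *" ${comp%%/*} "*) ;;
            *) echo "$comp" ;;
        esac
    done
}

ALLOW="com.google.android.gms"   # hypothetical allowlist; adjust for your device
# Constructed sample of dumpsys output, for illustration only.
SAMPLE='  Enabled Device Admins (User 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012
    com.example.flashupdate/.AdminReceiver:
      uid=10087'

if [ "${1:-}" = "--live" ]; then
    # The key lives in the secure or global namespace depending on Android version.
    v=$(adb shell settings get secure install_non_market_apps | tr -d '\r')
    [ "$v" = "null" ] && v=$(adb shell settings get global install_non_market_apps | tr -d '\r')
    echo "Unknown sources: $(unknown_sources_state "$v")"
    adb shell dumpsys device_policy | device_admins | unexpected_admins "$ALLOW"
else
    echo "Unexpected device admins in constructed sample:"
    printf '%s\n' "$SAMPLE" | device_admins | unexpected_admins "$ALLOW"
fi
```

Any component it prints is an app holding device administrator rights that you did not expect; review it under Settings > Security > Device administrators.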

#iRepresent Team Blackberry10! 
Credit: Yomiprof

