ThreatFabric researchers recently discovered a new Android malware named MysteryBot that combines a banking trojan, ransomware, and a keylogger in one package. It was initially thought to be an updated version of the LokiBot malware, but it packs new features and different communication channels. The malware targets Android smartphones running Android 7.x Nougat and Android 8.x Oreo.
According to the ThreatFabric blog, the MysteryBot and LokiBot Android malware are "Both running on the same C&C server." Because they share the same command and control server, there could be a strong link between the two forms of malware, and they could have been developed by the same attacker. What makes MysteryBot lethal is its ability to take control of a user's phone. Apart from its Android banking trojan functionality, the malware exhibits overlay, keylogging, and ransomware functionality.
The malware can steal emails and start applications remotely, but these tools are not active yet; MysteryBot is still under development. Researchers say the malware uses overlay screens that are designed to look like real bank sites but are run by the attackers. They also said that a new technique abuses a service permission called 'Package Usage Stats' that is accessible through the Accessibility Service permission on Android phones. This method allows the trojan to enable and abuse any other permission without the user's consent.
MysteryBot also contains a keylogger, but researchers said that none of the already-known keylogging techniques is used. Instead, the malware calculates the location of each row and places a view over each key. The malware also has built-in ransomware that individually encrypts all files in the external storage directory, including every subdirectory, after which the original files are deleted. "The encryption process puts each file in an individual ZIP archive that is password protected, the password is the same for all ZIP archives and is generated during runtime. When the encryption process is completed, the user is greeted with a dialog accusing the victim of having watched pornographic material," said researchers.
MysteryBot is still in the development phase. However, you should be wary of any apps that ask for an excessive number of permissions, and always install apps from trusted sources, such as Google Play.
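
The permission advice above can be turned into a quick manifest triage. The following is an added example, not code from ThreatFabric or from this post: it reads a decoded AndroidManifest.xml and flags an app that declares an accessibility service together with usage-stats or overlay permissions, or that requests an excessive number of permissions. The package name, sample manifest, rule set and the threshold of 15 are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
USAGE_STATS = "android.permission.PACKAGE_USAGE_STATS"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest for a hypothetical package (not a real sample).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def audit_manifest(xml_text, max_permissions=15):
    """Triage one decoded AndroidManifest.xml; rules and threshold are assumptions."""
    root = ET.fromstring(xml_text)
    requested = {p.get(NS + "name") for p in root.iter("uses-permission")} - {None}
    # Accessibility services are <service> entries guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(NS + "name") for s in root.iter("service")
            if s.get(NS + "permission") == BIND_A11Y]
    reasons = []
    if a11y and USAGE_STATS in requested:
        reasons.append("accessibility service plus usage-stats access")
    if a11y and OVERLAY in requested:
        reasons.append("accessibility service plus draw-over-apps permission")
    if len(requested) > max_permissions:
        reasons.append("excessive number of permissions")
    return {"package": root.get("package"), "permissions": sorted(requested),
            "accessibility_services": a11y, "reasons": reasons}


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], "->", report["reasons"] or "no findings")
```

A finding here is a reason to look closer at the app, not proof that it is malicious; legitimate accessibility tools can match the same rules.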

