MysteryBot Android Malware Combines Banking Trojan, Ransomware, and Keylogger

By Sumit Chakraborty | Updated: 18 June 2018 17:42 IST
Highlights
  • MysteryBot combines a banking trojan, keylogger, and ransomware
  • MysteryBot runs on the same command and control server as LokiBot
  • The malware targets devices running Android 7.x or 8.x

A new Android malware that combines a banking trojan, ransomware, and a keylogger has been discovered. Security researchers at ThreatFabric found the malware, which packs all three threats into one package and was earlier thought to be an updated version of LokiBot. Because it comes with various new features, the researchers have labelled it a new form of malware, called MysteryBot. Notably, MysteryBot targets smartphones running Android 7.x or Android 8.x.

As per a blog post by ThreatFabric, the MysteryBot and LokiBot Android malware are "both running on the same C&C server." Because they share the same command and control server, there could be a strong link between the two forms of malware, and they could have been developed by the same attacker. What makes MysteryBot lethal is its capability to take control of users' phones. Apart from Android banking trojan functionality, the malware exhibits overlay, keylogging, and ransomware functionality.

The malware also contains commands for stealing emails and remotely starting apps. However, these tools are not active yet, meaning the malware is still in its development phase. MysteryBot is reportedly able to target the latest Android versions, Nougat and Oreo. Researchers say that the malware uses overlay screens that are designed to look like real bank sites but are run by attackers.

The researchers also said that a new technique abuses a service permission called 'Package Usage Stats' that is accessible through the Accessibility Service permission in Android phones. This method allows the trojan to enable and abuse any other permission without the user's consent.


The MysteryBot also contains a keylogger. But researchers said that none of the already-known keylogging techniques was used. Instead, the malware calculates the location for each row and places a view over each key.

"This view has a width and height of zero pixels and due to the 'FLAG_SECURE' setting used, the views are not visible in screenshots. Each view is then paired to a specific key in such a way that it can register the keys that have been pressed which are then saved for further use," said researchers. However, they added, "The code for this keylogger seems to still be under development as there is no method yet to send the logs to the C2 server."


The malware also has inbuilt ransomware to individually encrypt all files in the external storage directory, including every subdirectory, after which the original files are deleted. "The encryption process puts each file in an individual ZIP archive that is password protected, the password is the same for all ZIP archives and is generated during runtime. When the encryption process is completed, the user is greeted with a dialog accusing the victim of having watched pornographic material," said researchers.
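For incident triage, the on-disk result of that process is recognisable: many files that are each a ZIP archive with a single password-protected entry. The following is an added example, not code from ThreatFabric or this article; it walks a copy of the storage directory and counts files matching that pattern. The sample files are constructed, with only the header's encryption flag set, and the file names are assumptions.

```python
import io, os, tempfile, zipfile

def is_encrypted_single_entry_zip(path):
    """True if path is a ZIP holding exactly one entry flagged as encrypted."""
    if not zipfile.is_zipfile(path):
        return False
    try:
        with zipfile.ZipFile(path) as zf:
            entries = zf.infolist()
    except zipfile.BadZipFile:
        return False
    # Bit 0 of the general-purpose flag marks a password-protected entry.
    return len(entries) == 1 and bool(entries[0].flag_bits & 0x1)

def triage(root):
    """Walk root and report how many files match the wrapped-file pattern."""
    total, hits = 0, []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            total += 1
            path = os.path.join(dirpath, name)
            if is_encrypted_single_entry_zip(path):
                hits.append(os.path.relpath(path, root))
    return {"files": total, "wrapped": sorted(hits),
            "ratio": len(hits) / total if total else 0.0}

def constructed_flagged_zip(name, payload):
    """Constructed test input: a one-entry ZIP with the encryption flag set.
    The payload is not really encrypted; only the header bit is patched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    raw[6] |= 0x01                              # local file header flag
    raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x01   # central directory flag
    return bytes(raw)

def demo():
    """Build a constructed directory tree and triage it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "DCIM"))
        samples = {"a.bin": constructed_flagged_zip("a.jpg", b"x" * 32),
                   os.path.join("DCIM", "b.bin"): constructed_flagged_zip("b.jpg", b"y" * 32),
                   "notes.txt": b"plain text, untouched"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return triage(root)
```

A high ratio across the whole tree, together with missing originals, matches the behaviour the researchers describe; a handful of ordinary encrypted archives does not.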

From the looks of it, MysteryBot is not quite widespread as it is still under development. However, you should be wary of any apps that ask for an excessive number of permissions, and always install apps from trusted sources, such as Google Play.

 
