Android Trojan Xbot Phishes Credit Cards and Bank Accounts
Unit42 recently discovered 22 Android apps that belong to a new Trojan family we’re calling “Xbot”.
This Trojan, which is still under development and regularly updated, is already capable of multiple malicious behaviors. It tries to steal victims’ banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface as well as the login pages of 7 different banks’ apps.
It can also remotely lock infected Android devices, encrypt th
messages, and parse SMS messages for mTANs (Mobile Transaction Authentication Number) from banks.