MysteryBot: A New Threat to Your Banking Apps

MysteryBot is the new Android malware designed to target banking apps

Android users just can’t have enough peace with their mobile devices. A new Android malware has been discovered by the security experts who essentially combines the worst features of a number of malwares and brings the most dangerous threat ever seen in the Android world. This malware goes by the name MysteryBot which is an amalgamation of the malwares, key loggers and Trojan into one which isn’t a good combination at all. This malware is very mush similar to the LokiBot which created a massive havoc last year by turning into a notorious ransomware whenever someone tried to remove it.

MysteryBot is your worst nightmare

One ofthe security expert has carefully diagnosed the MysteryBot and came to this conclusion. Just like the LokiBot this malware is also running on the same C&C server. In other words MysteryBot is sharing the same command and control server which eventually helps in forming a strong link between the two. It is been speculated that both of these malwares has been designed by the same developer.

MysteryBot is a better and more potent version of malware as it has the ability to take control right over the user’s phone. It comes loaded with a number of the Android banking Trojan functionalities which enables to make use of the overlay, keylogging and ransomware functions at the same time. In seems like MysteryBot is designed to serve not one purpose but many and all the same time to make Android user’s life miserable.

Modus Operandi of MysteryBot

It has been found that the MysteryBot is capable taking control of the infected device, read the messages even steal some of the sensitive emails and work towards collecting the contact information. Most of the Android malwares focus on targeting the older Android OS but MysteryBot can even target the recent Android OS like Nougat and Oreo. The worst thing about this app is that bring over an overlay screen of fake login pages to the unsuspecting users. These overlays will appear on the legitimate banking apps present on the Android OS thereby offering best and simple way for the cyber criminals to get away with the sensitive user credentials with ease and simplicity.

Keylogging and encryption at its best

Security expert has further revealed that MysteryBot has been successful in taking control of the infected mobile by exploiting the service permission called “Package Usage Stats”. ¬†Manipulating this MysteryBot is able to abuse the permissions on the smartphone without the need of getting user’s consent. It comes loaded with a keyloggers which makes use of a new technology wherein malware effectively calculates the location of each row and then goes about placing a view on that key.

The encryption utilized by the MysteryBot is quite complex wherein each file is made into a single ZIP archive and it is kept password protected. Only good thing here is that all the ZIP archives tend to have the password. Once the encryption process is completed on the smartphone device then the users are usually greeted with a dialogue making them aware that they had watched pornographic material on their device.

Tags : Android MalwareInternet SecurityMalwareMysteryBot

The author twitiq