Android smartphone users are being warned about a new ‘Frankenstein’ virus that cybercriminals are looking to spread. Dubbed MysteryBot, it combines the worst features of different kinds of malware, such as ransomware, keyloggers and banking trojans, to create a virus that can attack on many fronts.
Security researchers from ThreatFabric discovered the malware and said it appears to be related to the well-known LokiBot Android banking trojan. “We believe there is indeed a link between the creator(s) of LokiBot and MysteryBot. This is justified by the fact that MysteryBot is clearly based on the LokiBot bot code,” a ThreatFabric spokesperson was quoted as saying by Bleeping Computer.
MysteryBot is capable of taking control of infected devices, with the ability to read messages, gather contact information and steal sensitive e-mails. While Android malware tends to attack older versions of the Google mobile OS, MysteryBot can target recent versions such as Android 7 and Oreo. It uses an overlay screen to display fake login pages on top of legitimate Android apps, so cybercriminals can steal sensitive user credentials, Express.uk quoted the report as saying.
MysteryBot records the location of each touch gesture and then tries to guess what the user has pressed, based on where the user touched the screen and the positioning of the virtual keyboard. It also has a ransomware module, which means it can encrypt files and then store them in a password-protected ZIP archive. Once encryption is complete, a message pops up accusing the victim of having watched adult content. It then demands that an e-mail address be entered so that a password can be sent out.
The victim will then presumably be asked for payment in exchange for the data allegedly being handed back.
ThreatFabric researchers wrote: “The enhanced overlay attacks also running on the latest Android versions combined with advanced key logging and the potential under-development features will allow MysteryBot to harvest a broad set of personal identifiable information in order to perform fraud.”
MysteryBot currently isn’t widespread and is still in development. But Android users should be wary of any apps they download which ask for a lot of permissions.