Android Ecosystem Threatened by MysteryBot

June 27, 2018 | Simeon Georgiev

Android’s ecosystem has become a hot target for cyber criminals. Android phones, tablets and smart devices have been attacked by new malware that combines three classic malware capabilities: a keylogger, ransomware and a trojan.

Security analysts specializing in ransomware removal found a piece of malware, MysteryBot, in several Android apps. MysteryBot is similar to earlier Android malware. However, earlier ransomware was countered by the latest Android versions, 7 and 8, whereas MysteryBot has succeeded in breaking these improved security mechanisms. One of the biggest threats associated with it is its ability to reliably mimic Android 7 and 8 OS screens. These fake screens fool users into entering their private login details.

Presence of Ransomware

Like other malware, MysteryBot also contains ransomware. While trying to remove MysteryBot’s ransomware, experts found that it can gain access to users’ files that are saved externally. The ransomware then blocks access to these files with a password.

However, security analysts found it to be one of the easiest ransomware removal cases. They were able to bypass it using brute force because the password needed only 8 characters.

Keylogger

While trying to remove the ransomware, security analysts also found a keylogger within MysteryBot. This keylogger differs from other keyloggers in the Android ecosystem in the way it works. Other keyloggers capture screenshots when a user is fooled into typing login details. MysteryBot’s keylogger captures touch gestures instead, then predicts the keys the user typed by matching the gestures against a virtual keyboard.

Linked with LokiBot

One of the most worrying signs about MysteryBot is its association with LokiBot, a notorious trojan in the Android ecosystem. The link was revealed when security analysts looking to remove the ransomware found its code similar to LokiBot’s. Furthermore, the control server that receives MysteryBot’s data was found to be the same one that used to receive data from LokiBot.

If you have been downloading apps from Android’s Play Store, you need to be careful of such malware.

 

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]