Android’s ecosystem has become a hot target for cybercriminals. Android phones, tablets and smart devices have been attacked by new malware that combines the classic features of a keylogger, ransomware and a trojan.
Security analysts specializing in ransomware removal found the malware, MysteryBot, in several Android apps. MysteryBot is similar to previous Android malware. However, the previous ransomware was countered by the latest Android versions, 7 and 8, whereas MysteryBot has succeeded in breaking these improved security mechanisms. One of the biggest threats associated with it is its ability to reliably mimic the screens of Android 7 and 8. These fake screens fool users into entering their private login details.
Presence of Ransomware
Like other malware, MysteryBot also contains ransomware. While trying to remove the ransomware from MysteryBot, experts found that it can gain access to users’ files that are saved externally. The ransomware then blocks access to these files with a password.
However, security analysts found it to be one of the easiest ransomware removal cases. They were able to bypass it using brute force, as the password needed only 8 characters.
Keylogger
While trying to remove the ransomware, security analysts also found a keylogger within MysteryBot. This keylogger differs from other keyloggers in Android’s ecosystem in the way it works. Other keyloggers capture screenshots when a user is fooled into typing their login details. MysteryBot’s keylogger captures the touch gestures instead. It then predicts the keys the user typed by matching the gestures against a virtual keyboard.
Linked with LokiBot
One of the most worrying signs about MysteryBot has been its association with LokiBot, a notorious trojan in Android’s ecosystem. This link was revealed when security analysts were looking to remove the ransomware and found its code to be similar to LokiBot’s. Furthermore, the control server that receives MysteryBot’s data was found to be the same one that used to receive data from LokiBot.
If you have been downloading apps from Android’s Play Store, then you need to be wary of these malware strains.