S0298 Xbot
Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia.1
| Item | Value |
|---|---|
| ID | S0298 |
| Type | TOOL |
| Version | 1.0 |
| Created | 25 October 2017 |
| Last Modified | 24 October 2022 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1471 | Data Encrypted for Impact | Xbot can encrypt the victim’s files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.1 |
| mobile | T1642 | Endpoint Denial of Service | Xbot can remotely lock infected Android devices and ask for a ransom.1 |
| mobile | T1417 | Input Capture | - |
| mobile | T1417.002 | GUI Input Capture | Xbot uses phishing pages mimicking Google Play’s payment interface as well as bank login pages.1 |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.004 | SMS Messages | Xbot steals all SMS messages and contact information, and also intercepts and parses certain SMS messages.1 |