S0298 Xbot
Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia.
| Item |
Value |
| ID |
S0298 |
| Associated Names |
|
| Type |
TOOL |
| Version |
1.1 |
| Created |
25 October 2017 |
| Last Modified |
11 December 2018 |
| Navigation Layer |
View In ATT&CK® Navigator |
Techniques Used
| Domain |
ID |
Name |
Use |
| mobile |
T1412 |
Capture SMS Messages |
Xbot steals all SMS message and contact information as well as intercepts and parses certain SMS messages. |
| mobile |
T1471 |
Data Encrypted for Impact |
Xbot can encrypt the victim’s files in external storage (e.g., SD card) and then request a PayPal cash card as ransom. |
| mobile |
T1446 |
Device Lockout |
Xbot can remotely lock infected Android devices and ask for a ransom. |
| mobile |
T1411 |
Input Prompt |
Xbot uses phishing pages mimicking Google Play’s payment interface as well as bank login pages. |
References