Skip to content

S0298 Xbot

Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. 1

Item Value
ID S0298
Associated Names
Version 1.1
Created 25 October 2017
Last Modified 11 December 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1412 Capture SMS Messages Xbot steals all SMS message and contact information as well as intercepts and parses certain SMS messages.1
mobile T1471 Data Encrypted for Impact Xbot can encrypt the victim’s files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.1
mobile T1446 Device Lockout Xbot can remotely lock infected Android devices and ask for a ransom.1
mobile T1411 Input Prompt Xbot uses phishing pages mimicking Google Play’s payment interface as well as bank login pages.1


Back to top