S0298 Xbot

Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia. [1]

| Item | Value |
|---|---|
| ID | S0298 |
| Version | 1.0 |
| Created | 25 October 2017 |
| Last Modified | 24 October 2022 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1471 | Data Encrypted for Impact | Xbot can encrypt the victim’s files in external storage (e.g., SD card) and then request a PayPal cash card as ransom. [1] |
| mobile | T1642 | Endpoint Denial of Service | Xbot can remotely lock infected Android devices and ask for a ransom. [1] |
| mobile | T1417 | Input Capture | - |
| mobile | T1417.002 | GUI Input Capture | Xbot uses phishing pages mimicking Google Play’s payment interface as well as bank login pages. [1] |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.004 | SMS Messages | Xbot steals all SMS messages and contact information, and also intercepts and parses certain SMS messages. [1] |