S0298 Xbot
Xbot is an Android malware family that was observed in 2016 primarily targeting Android users in Russia and Australia.

| Item | Value |
|---|---|
| ID | S0298 |
| Associated Names | |
| Type | TOOL |
| Version | 1.1 |
| Created | 25 October 2017 |
| Last Modified | 11 December 2018 |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1412 | Capture SMS Messages | Xbot steals all SMS messages and contact information, and intercepts and parses certain SMS messages. |
| mobile | T1471 | Data Encrypted for Impact | Xbot can encrypt the victim’s files in external storage (e.g., SD card) and then request a PayPal cash card as ransom. |
| mobile | T1446 | Device Lockout | Xbot can remotely lock infected Android devices and ask for a ransom. |
| mobile | T1411 | Input Prompt | Xbot uses phishing pages mimicking Google Play’s payment interface as well as bank login pages. |