An experimental form of Android malware, which was first
considered to be an updated version of Lokibot, is known to convey a banking
Trojan, a keylogger and ransomware to those most likely to succumb to it.
It is said to contain a couple of new features that the
specialists are naming it as a yet another type of malware - MysteryBot.
The MysteryBot and the LokiBot are referred to share the
same command as well as the control server which in this way shows an already
established strong link between these two types of malware, with the potential
that they've been produced by the same attacker.
While the MysteryBot is well equipped for performing various
pernicious exercises, like making a phone call, stealing contact information,
forwarding the incoming calls to another device, setting the keylogger, it is
also capable of encoding the files possessed by the device and erases all
contact information on the device.
It has the ability to effectively target Android versions 7
and 8 utilizing overlay screens intended to look like genuine bank websites,
while numerous other Android malware families are focusing on attacking the older
variants of the Google operating system.
Is additionally said to use a somewhat complex keylogging
functionality that was never known and it supposedly employees two other
banking Trojan's keylogging Module (CryEye and Anubis) to abuse the Android
Accessibility service.
Be that as it may, notwithstanding a portion of the
abilities of MysteryBot presently being underdeveloped, the malware is as yet a
potential danger.
MysteryBot isn't at present widespread and is still being
worked on, however it is recommended that the users ought to be careful about
any applications they download which requests an over the top number of
authorizations.
