Android users are being warned about a dangerous virus that combines the worst features of smartphone malware.
Dubbed MysteryBot, the malware includes features from bank trojans, keyloggers and ransomware that can attack a device on many different fronts and could be used to steal passwords and banking data.
Discovered by security firm Threat Fabric, Mystery Bot is thought to be related to the dangerous Lokibot banking trojan that is known to attack Android smartphones and tablets.
“Based on our analysis of the code of both Trojans, we believe that there is indeed a link between the creator(s) of LokiBot and MysteryBot”, a spokesperson for Threat Fabric told Bleeping Computer.
“This is justified by the fact that MysteryBot is clearly based on the LokiBot bot code.”
Experts say that MysteryBot is capable to taking control of an infected device and can read messages and can also gather sensitive information sent via email.
Typically Android malware targets old versions of Google’s mobile operating system, but MysteryBot is capable of infecting devices running newer versions such as Android 7.0 and Android 8.0.
The malware tricks users by using an overlay that looks like a login screen to a legitimate app. Unsuspecting users then enter their login details which are then obtain by the cyber criminals responsible for the malware.
MysterBot also has a keylogger feature that takes screenshot of what is being typed on the keyboard. It then can tries to decipher what the user has pressed in a bid to syphon passwords and login credentials.
And if that wasn’t bad enough it also has ransomware capabilities which can lock a user out of an infected device before demanding payment in order for access to be returned.
“The enhanced overlay attacks also running on the latest Android versions combined with advanced keylogging and the potential under-development features will allow MysteryBot to harvest a broad set of personal identifiable information in order to perform fraud”, the researchers said.
Fortunately, MysterBot is yet widespread, but researchers have said they have discovered it in malicious versions of a Flash Player app for Android.
“In general, the consumer must be aware that all of the so called ‘Flash Player (update) apps’ that can be found in and outside the various app stores are malware, the researchers said.
“Many web sites still require visitors to have support for Flash (which has not been available on Android for many years) causing Android users to try and find an app that will let them use that web site.
“In the end they will just end up installing malware.”
As always, the advice to Android users is to only download apps from the Google Play Store and make sure up to date anti virus software is installed on your smartphone or tablet.