Xbot: New Android malware takes control of your phone and steals banking details


Security researchers have issued a warning about a new kind of Android malware designed to steal bank details and other confidential data from your tablet or smartphone.

According to security company Palo Alto Networks, the malware, known as Xbot, has been infecting devices in Australia and Russia at an alarming rate, and it is believed that it’s only a matter of time before the threat becomes more widespread.

Xbot uses what is known as activity hijacking in order to steal bank details and other personal data from your phone.

Users are often totally unaware that activity hijacking is even taking place.

Xbot works by mirroring one of the apps on your phone. For example, if you open a banking app, Xbot launches a mirror interface so it looks like you are using the app as normal. However, with your banking app now open, Xbot is able to access your bank details, which are then sent to a server controlled by the creators of the malware.

Xbot also works by mimicking a payment registration page in order to harvest credit or debit card details. The fake page looks like the payment page from Google Play.


According to Palo Alto, Xbot is imitating the banking apps of some of the most popular banks in Australia.

As well as being used to steal financial information, Xbot also carries out a ransomware attack, infecting devices with a well-known ransomware program called CryptoLocker.

Ransomware works by encrypting your device, essentially locking it down before asking for payment for the device to be unlocked. In the case of Xbot, some users have reported being redirected to a spoof PayPal site where they are asked to hand over $100 to unlock their phone.

Xbot has been infecting devices running versions of Android older than 5.0, taking advantage of some of the outdated security features on the old operating system.

Provided you have kept your Android device updated, you should be safe from Xbot. It is always important to keep the software on your phone updated and ensure you have some kind of antivirus or malware protection installed.

Ransomware is perhaps the biggest threat to both mobile and desktop users, and it isn’t only consumers that can become victims.

Earlier this week, the Hollywood Presbyterian Medical Centre revealed that it was forced to hand over almost $17,000 to hackers who used ransomware to essentially lock the hospital out of its own computer network.

Source: Palo Alto Networks



1 Comment

  1. Dexter Marlowe on

    Another malware? How am I not surprised. Waiting for the next Android malware.