Threat Fabric (formerly known as SfyLabs) reports a newly discovered banking Trojan targeting Android 7 and 8. It seems to be linked to Lokibot, the hydra of the Android malware zoo, because it uses the same command and control (C&C) server.
The recently discovered banking Trojan, dubbed Mysterybot, seems to be an update of Lokibot, or to belong to the same family of Trojan malware.
Lokibot is known as the hydra of the Android malware zoo, because it has Android Trojan and ransomware capabilities. Killing one does not kill the other.
Mysterybot features improved commands compared to Lokibot, a new name, and modified network communication.
“Although certain Android banking malware families such as but not limited to ExoBot 2.5, Anubis II, DiseaseBot have been exploring new techniques to perform overlay attacks on Android 7 and 8, it seems that the actor(s) behind Mysterybot have successfully implemented a workaround solution and have spent some time on innovation,”
Here is a list of the ‘innovative’ features the researchers discovered:
Mysterybot seems to be the next step in the evolution of Android banking malware, inheriting from the hydra Lokibot, and at the same time improving it by being a banking Trojan, ransomware, and keylogger in one malware agent.
About the author
Software test engineer, Founder TestingSaaS, a social network about researching cloud applications with a focus on forensics, software testing and security.
(Security Affairs – Mysterybot Android malware, Lokibot)