Frankenstein virus: the most harmful mobile threat
MysteryBot as the basic danger of the Frankenstein Virus
Android has faced many Malware, Phishing and other kinds of attacks. As for the latest malware, it’s a real catastrophe, a destroying tool hard to deal with.
The virus is called MysteryBot and combines the features of a banking trojan, keylogger and ransomware. It’s astonishing, isn’t it? So, it’s the most dangerous malware we’ve come up with in years. It has much in common with the Lokibot, last year threat that threw off balance of the most security specialists.
The information about this Frankenstein Virus should be taken into account by Android users, because it combines the most harmful and powerful features of ransomware, keyloggers as well as banking trojans with the purpose to develop a multifunctional, over specified virus.
The striking similarity to Lokibot
MysteryBot Android Malware bears similarity to LokiBot; they are running on the same Command and Control (C&C) server.
The functions of Mysterybot include monitoring performance of the device being hit, reading messages, interception of personal information and banking details, etc. In the most cases, Android Malware is aimed at the older Android OS versions, because they are more exposed to latter-day threats. As for Mysterybot, it can affect recent android versions such as Nougat and Oreo.
If what is said is true, it also has ability to download an overlay screen, which can be disguised as fake login pages topside of authentic apps on the OS. Such fake pages represent the main way for attackers to hack any kind of information.
But researchers haven’t found the peculiarities of a keylogger MysteryBot Android malware is meant to have. Instead of this, it determines the location of every row and places a view over each key.
The malware also encrypts each file and sends it to a separate ZIP archive with the password-based access; all ZIP archives have the same password. ThreatFabric investigators posted in a blog that once encryption is finished, the user is involved in a dialog indicting him of watching pornographic movies. They also added that majority of Android banking Trojans are probably spread via phishing/smishing.
No reasons to worry yet
It is reported that MysteryBot is in the planning stage and isn’t found on the Internet environment yet. There’s nothing to worry about. The users should follow some instructions in order not to be snared: just download and install any app for your Android only from Google Play Store. No suspicious resources!
Be careful when entering your login information somewhere in public or private places. Precautions must be taken anyway.