Android users are facing a fresh malware threat—Frankenstein virus that cybercriminals are wanting to spread across geographical locations. The malware was first discovered by security researchers from ThreatFabric, and assessed that it belongs to the LokiBot Android banking trojan.
A spokesperson said: “We believe there is indeed a link between the creator(s) of LokiBot and MysteryBot. This is justified by the fact that MysteryBot is clearly based on the LokiBot bot code.”
MysteryBot has the ability to take control of infected devices. Its capabilities extend to reading messages, gathering contact information and stealing sensitive emails. Usually, Android malware is said to attack older devices, but MysteryBot targets recent softwares such as Android 7 and Oreo.
A report on Khaleej Times reads “MysteryBot records the location of a touch gesture and then tries to guess what the user has pressed based on points users touched the screen and the positioning of the virtual keyboard. It also has a ransomware module which means it can encrypt files and then store them in a password protected ZIP archive. Once encryption is complete a message pops up accusing the victim of having watched adult content. It then demands that an e-mail address is entered so that a password can be sent out.”
Express.uk reported that the malware overspreads the screen displaying fake login pages on top of authorised pages for the Google mobile OS in an effort to steal sensitive information.