back to article Android Xbot trojan poses as banking app, nicks your login creds

Miscreants have crafted a new attack designed to steal banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface. The so-called Xbot trojan also weaves its malicious spell by presenting victims with login pages of seven different banks’ apps, six of which relate to …

  1. Alistair Silver badge
    Windows

    Please. PLEASE.

    Editors. You need editors.

    1. Picky
      FAIL

      Re: Please. PLEASE.

      Indeed, indeed.

    2. adnim Silver badge

      Re: Please. PLEASE.

      16:37 pm Friday... So close to beer o'clock. I often used to think... I've had enough I want out of here.

      Have a hug John.

  2. Mr.Bill

    forgot something

    just to save you from having to read the source to get the only thing that matters at all, but is not apparently important enough for the author here it is:

    "We are not clear how Xbot spreads in the wild [ed. stupid individuals]. However, using VirusTotal we found samples that were hosted on the below URLs over the past several months:

    hxxp://market155[.]ru/Install.apk

    hxxp://illuminatework[.]ru/Install.apk

    hxxp://yetiathome15[.]ru/Install.apk

    hxxp://leeroywork3[.]co/install.apk

    hxxp://morning3[.]ru/install.apk"

  3. Anonymous Coward
    Anonymous Coward

    So you decide to ignore the security warning and allow apps to be loaded from untrusted sources, then you visit some dodgy Russian web sites , next you decide to download and manuallly install said app onto your device, then prompted to logon to your bank account you do so... Only to find that you have unwittigly fallen victim of this despicable malware.. Truly Shocking!

    1. Crazy Operations Guy Silver badge

      Never underestimate the stupidity of the average user. I figure that they could pull off this ruse by offering free money and requiring them to verify their bank account (similar to PayPal's bank account verification works by depositing a random amount of money into your account and you verify you own that account by typing in that value and a random number added into the transaction description which would show as POS/PAYPAL*12345678901)

    2. Anonymous Coward
      Anonymous Coward

      "So you decide to ignore the security warning"

      Or you just open an SMS....

  4. Anonymous Coward
    Anonymous Coward

    Since all my devices are rooted, any transaction Google Pay related being processed would be a HUGE surprise. Not that I trust transactions to a totally, moronically, insecure device. And I'm talking about computers as a whole, for incipient bashing.

  5. Walter Bishop Silver badge
    Linux

    Banking Xbot trojan poses as banking app

    There: corrected for elReg title filter .. How exactly does this the Xbot trojan got onto the device, without the enduser explicidly downloading and installing the app and giving it the admin password?

  6. This post has been deleted by its author

  7. x 7

    "Security researchers at Palo Alto Networks’ research team, Unit42, have developed a 22 Android apps "

    what kind of English is that? Or did the research team develop the rogue apps? That's what appears to be claimed

  8. Paratrooping Parrot
    WTF?

    I am a bit confused. Why did the Palo Alto Research Team create Xbot?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019