By continuing to use the site or Forum, you agree to the use of cookies, find out more by reading our GDPR policy.

Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware. Named MysteryBot, this malware strain is still under development, according to security researchers from ThreatFabric, who recently ran across this new threat. ThreatFabric says MysteryBot appears to be related to the well-known and highly popular LokiBot Android banking trojan. "Based on our analysis of the code of both Trojans, we believe that there is indeed a link between the creator(s) of LokiBot and MysteryBot," a ThreatFabric spokesperson told Bleeping Computer via email today. "This is justified by the fact that MysteryBot is clearly based on the LokiBot bot code," the spokesperson added. Furthermore, according to a report the company published yesterday, the recent MysteryBot malware sends data to the same command and control (C&C) server used in a past LokiBot campaign, clearly suggesting they are being controlled and developed by the same person or group. The reasons why the LokiBot group is now developing MysteryBot are unknown, but they may be related to the fact that the LokiBot source code leaked online a few months back. There's more detailed information on OUR FORUM.

 

Latest Articles