Exobot Android Malware

A sophisticated mobile malware known as Exobot, or Exo Android Bot, is targeting Android devices. The threat is capable of performing numerous intrusive actions on the breached devices. Furthermore, it utilizes several techniques that set it apart from the majority of other Android Trojans. For example, Exobot does not require any permissions on the device and, as such, doesn't need to exploit the Accessibility Services or Usage Stats on the infected devices. It also can be controlled by SMS in the case that the device doesn't have any mobile data or Wi-Fi connection.

Exobot can manipulate SMS in a variety of ways. It can intercept, hide, or delete them, transmit reports on incoming messages and even send out SMS messages on its own. One of its primary functions is the ability to add the breached device to a botnet. The attackers can then use the victim's device to launch spam campaigns spreading more threats, misinformation or unsafe links leading to weaponized websites.

The Trojan also can be instructed to carry out overlay attacks. In these cases, the threat will overlay the legitimate login screens of the targeted applications with similarly-looking but fake ones. When users input their credentials or other sensitive information into the phishing screen, it will be extracted and made available to the cybercriminals. The compromised data could include account credentials, banking details, credit/debit card numbers, etc. The developers of Exobot even offer to create specific overlays for the applications that their cybercriminal clients plan to target.

Exobot also can be instructed to act as a type of screen locker. The threat can lock the device, set a new password for unlocking it and display a custom message on the locked screen. In practice, the attackers can prevent users from accessing the infected Android devices and demand payment of a ransom to unlock them.