MysteryBot Malware Package of Banking Trojan, Ransomware, and Keylogger

Security researchers at ThreatFabric have found a new type of Android malware called MysteryBot, this malware is a combination of banking trojan, keylogger, and a ransomware, making it most destructive malware in the recent times.

Initially, when this malware was found, it was thought to be an updated version of LokiBot, a banking Trojan which wreaked havoc last year as it turned into ransomware whenever someone tried to remove it from their device. But MysteryBot malware has some more threats as comparing LokiBot.

According to researchers both the malware are quite similar and are currently running on the same command and control server. The striking difference between both the malware is that the MysteryBot malware has the capabilities to take control over users' phone. 

A ThreatFabric spokesperson said: "Based on our analysis of the code of both Trojans, we believe that there is indeed a link between the creator(s) of LokiBot and MysteryBot. This is justified by the fact that MysteryBot is clearly based on the LokiBot bot code”.

MysteryBot malware's commands can steal your contacts, emails, messages, remotely start apps saved on a device, manipulate banking apps and also register keystrokes. Their main targets are users who are on Android 7.0 and Android 8.0.

"The encryption process puts each file in an individual ZIP archive that is password protected, the password is the same for all ZIP archives and is generated during runtime. When the encryption process is completed, the user is greeted with a dialog accusing the victim of having watched pornographic material," said ThreatFabric researchers in a blog post. “Most Android banking Trojans seem to be distributed via smishing/phishing & side-loading,” they added.

However, MysteryBot is still under development and is not quite widespread on the internet. But, users are recommended not to install any Android apps from other sources apart from Google Play Store.