New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom

We recently discovered 22 Android apps that belong to a new Trojan family we’re calling “Xbot”. This Trojan, which is still under development and regularly updated, is already capable of multiple malicious behaviors. It tries to steal victims’ banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface as

Rootnik Android Trojan Abuses Commercial Rooting Tool and Steals Private Information

We recently analyzed a Trojan named “Rootnik” which uses a customized commercial root tool named “Root Assistant” to gain root access on Android devices. By reverse engineering and repackaging this tool, the creators of Rootnik successfully stole at least five exploits that give them root access to Android devices that are running Android 4.3 and

Scareware App Downloaded Over a Million Times from Google Play

We have recently been investigating an antivirus app in the Google Play store that was displaying fake virus detection results to scare users into purchasing a premium service. According to the Google Play store statistics, users have downloaded “AntiVirus for Android™” more than one million times and the app was listed in Top 100 free

Privacy: Why Apple Pay will be Better than Google Wallet

On September 9, Apple announced that the latest iPhone models would come with a new technology called Apple Pay which allows people to purchase items with their phones, both in stores and online. Many smug Android users looked at the announcement and thought “Sounds like Google Wallet. Welcome to 2011 Apple.” As an individual who

Bad Certificate Management in Google Play Store

Following a recent study of apps in the Google Play Store, let’s discuss several security risks caused by the bad certificate management practiced in many Android apps, from social to mobile banking. All Android apps must be digitally signed with a certificate from the developer. As described in Google’s official document, the app developer is

Get updates on Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit 42

Follow us on