Have you ever seen or heard of Exobot? If not, what’s the first thing that comes to mind?
Before you make any guesses, I will tell you it’s not a character from Transformers, nor is it the name of a sinister FedEx delivery robot. But it is real, and should be taken very seriously.
Exobot is actually pretty sophisticated malware that could infect your phone. And it has one purpose: to go after your financial information and steal your money.
The rise of Exobot
The name Exobot sounds scary because it is scary. In a nutshell, this nasty malware is an Android banking trojan that first started making waves at the end of 2016.
For whatever reason, the author of this malware either sold it to someone who leaked the entire source code publicly, or they did it themselves. That’s unclear, but the malware code quickly became popular in hacker forums when that happened about a year ago.
Fast forward to 2019, and a group of researchers recently released a major analysis of Exobot. And based on what cybersecurity firm WatchGuard Technologies found, there’s a lot to be concerned about.
What’s Exobot and how is it different from other banking trojans?
Exobot is botnet malware, meaning it allows someone to access an infected device remotely. It’s a trojan that hides inside a malicious app, such as one that poses as a banking app.
So let’s say you download what you think is a real Android banking app, but you get it somewhere other than the Google Play Store (bad idea, by the way). Little do you know at the time, this trojan-laced app plans to steal your information.
Once your Android device is infected, Exobot will start with an overlay attack by placing an invisible layer over the top of an app’s user interface. So as you’re entering your banking login and password, the window you can’t even see is what’s actually collecting that information and delivering it back to the hackers.
Now they have your banking credentials and could potentially go in and drain your accounts.
There have been other Android banking trojans over the past few years, such as BankBot. Its source code leaked online in late 2016 and was a big problem the following year. Exobot is even more sophisticated and can be spun off or modified into new threats.
Think of it this way: With Exobot, you don’t have to be a savvy cybercriminal with programming skills because the code’s already written. That opens the door for other crooks who wouldn’t normally take part in such sophisticated methods to steal from you.
Why Exobot is such a big threat
Here’s why Exobot is such a threat in that regard: According to analysis by the WatchGuard Threat Lab, Exobot can automatically target about 150 sites such as Amazon, Facebook, PayPal and Western Union. It’s also adaptable.
And did I mention it’s sophisticated? This malware isn’t made just to fool you, but also to avoid detection by typical network analysis tools.
On top of that, Exobot can even disable some antivirus programs such as Avast and BitDefender. It’s also capable of infecting devices running the latest versions of Android, and might not even need you to approve the normal Android permission requests.
Keep Exobot and other malware from infecting your devices
First of all, malware won’t just magically pop up on your devices. It has to trick its way in, and that’s often done by posing as a legitimate app. So your first line of defense is to stay away from any apps not coming from official sources.
Along those same lines, that definitely doesn’t mean every app that comes through the Apple App Store or the Google Play Store is perfectly safe. Apple runs a tight ship when it comes to vetting content it offers.
If you’ve seen our recent reports about the Google Play Store, however, it’s often asleep at the virtual guard shack and a lot of questionable apps make their way in.
If you’re pretty sure you’ve downloaded a legitimate app, don’t let your guard down just yet. Watch for the kinds of permissions it wants you to approve. A lot of apps have absolutely no business accessing parts of your device that could be compromised.
Watch out for phishing attacks through email and texts. Scammers are becoming much more detail-oriented in their latest attempts, and can make fake emails look pretty convincing. So don’t click on any links or attachments as that could also put you on the fast track to an infected device.
Enable two-factor authentication (2FA) any time it’s available to add an extra layer of security to your sensitive online accounts, though it’s not perfect either. If you want even more protection, consider a physical key. Just don’t lose it.
WatchGuard’s full report on Exobot runs 47 pages.
Online banking, whether it’s managing all your accounts online or making mobile payments, is becoming more and more popular every day and the sky’s the limit. That means malware specifically designed to steal banking and financial information will keep coming back. Exobot isn’t the first, and it certainly won’t be the last.