Last year, the Android banking malware called Exobot was released to the public domain. It targets banking apps with one goal in mind: stealing money! Exobot is an Android malware first seen in 2016, and for three years and counting, hackers have been able to easily get their mitts on its code. You can bet that during this time, Exobot has seen many upgrades that improve its stealth capabilities. But unlike other banking malware, Exobot uses a bot network (botnet) to spread quickly.
Exobot starts by placing an invisible layer over a financial website. Unknowingly, users provide Exobot hackers with their passwords and other login information. Once Exobot takes hold, it steals any financial data it can, even from other apps on a device. That data includes passwords, account numbers, payment card details, and any other information it can use to clean out user accounts. Exobot also has the ability to intercept text and phone messages to allow criminals to take over victims' financial accounts.
Botnets are legendary for their blazing fast speed and ability to rapid-fire data worldwide. The combination of Exobot malware and botnets is proving unfortunate for those everyday users who find themselves on the losing end of a financial nightmare.
Techopedia defines a botnet as “…a group of computers connected in a coordinated fashion for malicious purposes. Each computer in a botnet is called a bot. These bots form a network of compromised computers, which is controlled by a third party and used to transmit malware or spam, or to launch attacks.”
In other words, it may help to think of bots as malware spiders and of botnets as their internet webs that connect with other botnet webs. As a result, Exobot is literally everywhere at once and users should know just what they’re up against.
Not only does Exobot use botnet webs to spread its malware, it’s also sophisticated and can be modified for spin-off malware and new threats. Adding to Exobot’s stealthy one-two punch, it avoids detection by antivirus tools and has disabled some security software like Avast and Bitdefender. It infiltrates even the latest Android systems and loves hiding in banking apps.
Staying as safe as possible from malware like Exobot requires paying attention, and informed users are its biggest foes. Since Exobot hides in apps, keep app purchases limited to trusted sources like Google Play Store or the Apple App Store. Remember, even though an app has passed the legitimacy check, the vetting is not foolproof. Pay close attention during any app download, especially those having to do with finances. Carefully check the permissions an app requests, as many are not necessary and can compromise your data security, so don’t hesitate to deny them. Remember that nearly no app really needs administrator permissions.
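For readers who want to automate the permission check described above, here is an added example (not part of the original article, and not Exobot's code). It reads an app's decoded AndroidManifest.xml and flags requests that line up with the behaviors described earlier: drawing over other apps, reading text messages, and device administrator rights. The mapping of those behaviors to these standard Android permission names is an assumption of this example, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"   # draw over other apps
SMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
ADMIN = "android.permission.BIND_DEVICE_ADMIN"       # guards a device-admin receiver

def audit_manifest(xml_text):
    """Return the risky capabilities a decoded AndroidManifest.xml asks for."""
    root = ET.fromstring(xml_text)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {e.get(A + "name") for e in root.iter(tag)}
    found = []
    if OVERLAY in requested:
        found.append("overlay")
    if requested & SMS:
        found.append("sms")
    if any(r.get(A + "permission") == ADMIN for r in root.iter("receiver")):
        found.append("device-admin")
    return found

def verdict(found):
    """Overlay plus SMS access is the pairing the article warns about."""
    if "overlay" in found and "sms" in found:
        return "reject"
    return "review" if found else "ok"

# Constructed sample manifests (not taken from any real app).
FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

NOTES = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("flashlight", FLASHLIGHT), ("notes", NOTES)):
        found = audit_manifest(xml_text)
        print(name, found, verdict(found))
```

A "review" result is not proof of malware; it means the app asks for more than its stated purpose should need and deserves a closer look before installing.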
Another important security step is remembering to BOLO (Be On the LookOut) for email phishing. Hackers are crazy good at sending legitimate-looking emails with subject lines and content designed to get your attention. If you have the slightest suspicion an email isn’t legitimate, delete it and move on. Phishing emails have malware-filled attachments and fake links to equally fake web pages. Always use 2FA (Two-Factor Authentication) when available, as it adds an additional layer of user verification. Also consider using your smartphone as a physical key, which can be set up on your phone depending on the operating system. Random code generators are available and many websites work with those to provide that added security layer.
Because malware isn’t going away anytime soon, always have your cyber smarts on high alert guarding the front gate of your devices.