Exo/Exobot

Exo/Exobot is a banking Trojan, discovered in December 2016, affecting Android versions 4, 5, and 6. As early as June 2016, Exobot was advertised and sold on hacking forums, Darknet marketplaces, and later, a public internet website and advertised in Jabber/XMPP spam. The Trojan is being sold for various prices and rented out on a weekly, monthly, or yearly basis. Features of Exobot include: SMS intercept, web injects, credit card stealers, lock/unlock device with a password, disable screen and phone use, and send mass SMS to all contacts, all without root access to the device. The author also allows buyers to use a control panel to manage infected devices, or “bots.”

Technical Details

  • Bleeping Computer provides technical details on the Exobot Trojan, available here.
One example of the Exo/Exobot Trojan. Image Source: Bleeping Computer

One example of the Exo/Exobot Trojan. Image Source: Bleeping Computer