Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Virus library

An analysis of the technologies used by cybercriminals allows us to draw conclusions about the virus industry’s possible vectors of development and more effectively confront future threats. You, too, can learn what actions various malicious programs take in infected systems and how to withstand them.

Android.ZBot in virus library:

A banking Trojan family for Android mobile devices intended to steal logins and passwords to access online banking services using fake authorization forms. The Trojans of this family also covertly steal money from users’ bank accounts. The Android.ZBot malware can be downloaded under the guise of a benign program once a user visits fraudulent or hacked websites, or another malicious application can download it to a device.

The Trojans can execute the following actions:

  • Send an SMS with a specific text to a specified number
  • Make phone calls
  • Send text messages to all user’s contacts
  • Intercept incoming SMS messages
  • Track the current GPS coordinates
  • Display a special dialog on top of a specified application

The server sends instructions to the Android.ZBot Trojans that specify the applications on top of which a phishing message is to be shown. Then they periodically begin to check whether the corresponding applications are running. Once one of such applications is launched, the banking Trojans create a special input form, the content of which is downloaded from the server, and display it on top of the application. Such fake dialogs often imitate authorization forms of online banking applications. Logins and passwords that were entered by a user are sent to the command and control server. If the victim tries to close the bogus dialog, the Android.ZBot Trojans redirect the user to the home screen creating an illusion that this prompt really belongs to the corresponding legitimate application.

Android.ZBot in virus library:

Android.ZBot.1.origin
Android.ZBot.127
Android.ZBot.129
Android.ZBot.130
Android.ZBot.132
Android.ZBot.133
Android.ZBot.2.origin
Android.ZBot.3.origin

Vulnerabilities for Android

According to statistics, every fifth program for Android contains a vulnerability (or, in other words, a "loophole") that lets cybercriminals successfully introduce Trojans onto mobile devices and manipulate them into doing whatever actions they need them to.

Dr.Web Security Auditor for Android diagnoses and analyses a mobile device’s security and offers solutions to address security problems and vulnerabilities.

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2021

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124