January 31, 2023by Adi Bleih

Threat actor selling sophisticated Android malware

On January 21, a threat actor posted in a forum selling the source code of an Android bot. The malware,  “Xmbot Maza,” enables the attacker to access the user’s credentials, encrypt files, geolocate the device, and log keystrokes. The attacker can use this malware to gain full access to any Android device and spread from there to other devices. Having said this, malware is merely a tool, and the attacker must be proficient in order to use it effectively.

One can purchase the malware’s source code for $300 and also receive source code for an admin panel and an APK bot. Purchasing the source code enables the buyer to modify the malware.

Read more: Android malware is proliferating on dark web markets

The post concludes with a URL redirecting the potential buyer to the actor’s store. This site sells a variety of Android malware, including ransomware.

Android malware is one of the most widespread malware for sale on the dark web and remains one of the biggest threats in this landscape.


Learn More

You may also like

LockBit Seizure Blog-Thumbnail

February 22, 2024

International Law Enforcement Disrupts LockBit Ransomware Group's Dark Web Operations

Read more
Glupteba Botnet Blog-Thumbnail

February 15, 2024

Glupteba Botnet Adds UEFI Bootkit to Cyberattack Toolbox

Read more
PCI DSS Blog-Thumbnail

February 14, 2024

PCI DSS 4.0: How Cybersixgill can help merchants meet the new requirements

Read more