
Xerxes Malware

Posted: July 21, 2020

The Xerxes Malware used to be a privately developed Trojan for the Android operating system. However, it became much more accessible to cybercriminals in May 2019 when its source code was released online – it is not clear whether this was an accident, or if the authors published their malware's source code intentionally. Regardless of the reason, Xerxes quickly became a favorite of many cybercriminals who were looking to experiment with Android-compatible cyber threats.

When the Xerxes Malware was first reported, malware experts determined that it shared many features with LokiBot, another Android banking Trojan that was released a few years ago. However, the author of the Xerxes Malware had successfully extended the implant's feature set, and the threat was able to do more than just collect banking credentials: the Xerxes Malware can also encrypt the files stored on the Android device, and then extort the victims for money by offering to provide them with a decryption utility. Android Trojans with ransomware modules are not a frequent occurrence, and the Xerxes Malware is one of the few to support this threatening feature.

Unfortunately, recovering the files locked by the Xerxes Malware may be next to impossible, and often the only reliable way to accomplish this task is to restore the files from a backup. When the Xerxes Malware manages to plant itself on a vulnerable Android device, it may adopt a name typical of popular Google services, making it more difficult to identify the corrupted application and process. The threat may be spread via fake downloads, phishing text messages or emails, and fake applications hosted on shady websites.

Apart from being very threatening on its own, the Xerxes Malware has also enabled other cybercriminals to develop new malware based on the project's source code. The latest Android Trojan to make use of Xerxes' source code is the BlackRock malware, which first appeared in July 2020. The good news is that regardless of how advanced Android Trojans may be, there is one guaranteed way to stop them: invest in a reputable Android anti-virus application that will scan incoming files for harmful traits and terminate them if it detects any unsafe behavior.
