Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware.
Named MysteryBot, this malware strain is still under development, according to security researchers from ThreatFabric, who recently ran across this new threat.
MysteryBot has connections to LokiBot
ThreatFabric says MysteryBot appears to be related to the well-known and highly popular LokiBot Android banking trojan.
"Based on our analysis of the code of both Trojans, we believe that there is indeed a link between the creator(s) of LokiBot and MysteryBot," a ThreatFabric spokesperson told Bleeping Computer via email today.
"This is justified by the fact that MysteryBot is clearly based on the LokiBot bot code," the spokesperson added.
Furthermore, according to a report the company published yesterday, the recent MysteryBot malware sends data to the same command and control (C&C) server used in a past LokiBot campaign, clearly suggesting they are being controlled and developed by the same person or group.