Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:27:16 UTC
Home > List all groups > List all tools > List all groups using tool ExoBot
 Tool: ExoBot
Names ExoBot
Category Malware
Type Banking trojan, Info stealer, Credential stealer, Botnet
Description
(IMB) ExoBot is Android malware that was based originally on a previous code known
as Marcher. This code represents a banking Trojan that uses the overlay technique —
that is, popping up fake windows that hide the original app users open — to trick
victims into tapping their banking credentials into a fake interface. After stealing
account access details, the malware can also intercept SMS messages and phone calls,
thereby enabling criminals to take over the victim’s bank account and other financial
accounts at their discretion.
Some of the capabilities that enable ExoBot to facilitate fraudulent activity on infected
devices include gaining admin privileges, launching overlay screens, and exfiltrating
SMS, data and other information from the infected device.
Information
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool ExoBot
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=becb3edc-a20e-4b0e-918d-db63051a137f
Page 1 of 2

Unknown groups
  _[ Interesting malware not linked to an actor yet ]_  
1 group listed (0 APT, 0 other, 1 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=becb3edc-a20e-4b0e-918d-db63051a137f
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=becb3edc-a20e-4b0e-918d-db63051a137f
Page 2 of 2