
MaliBot Android Malware

A potent new Android malware has been identified by infosec researchers. The threat is particularly vicious, as it can bypass multi-factor authentication protection measures to collect passwords and other credentials, obtain banking details and compromise crypto-wallets. The malware was analyzed by cybersecurity experts who track it as the MaliBot malware. So far, the primary victims of the threat appear to be customers of Spanish and Italian banks.

According to their findings, the threat is designed to target Android devices specifically. The malware is distributed via smishing or corrupted websites. Smishing involves sending phishing SMS messages that lure potential targets. These messages, as well as the weaponized websites, contain download links that deliver MaliBot to the user's device. The researchers were able to uncover two unsafe websites spreading the threat, one of them posing as a legitimate cryptocurrency app that has millions of downloads on the Google Play Store.

Once activated on the device, MaliBot asks for accessibility and launcher permissions, which it requires to perform its full range of invasive functions. MaliBot can extract and exfiltrate sensitive information, such as credentials and banking details, from the device. To circumvent multi-factor authentication, the threat abuses the accessibility permissions to simulate a click on the 'Yes' button of the targeted app's login page.

Naturally, users who notice their phone pressing buttons on its own will immediately suspect that something is wrong. That is why MaliBot hides its actions under an overlay that is projected over the prompt. A similar technique is used to compromise cryptocurrency wallet applications. In addition, the attackers can use MaliBot to send SMS messages from the breached device and infect other unsuspecting users.
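A defensive check for the accessibility abuse described above, as an added example that is not part of the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and flags apps that hold an enabled accessibility service but were not installed by a trusted store. The sample data, the package names and the trusted-installer list are constructed assumptions.

```python
import re

# Installer packages treated as trusted stores (assumption; adjust to fleet policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility(value):
    """Parse `settings get secure enabled_accessibility_services` into package names."""
    value = value.strip()
    if not value or value == "null":
        return set()
    # The value is a colon-separated list of components written as package/class.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def parse_installers(listing):
    """Parse `pm list packages -i` output into {package: installer or None}."""
    installers = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers

def flag_sideloaded_accessibility(acc_value, listing):
    """Return packages with an enabled accessibility service and no trusted installer."""
    installers = parse_installers(listing)
    return sorted(
        pkg for pkg in parse_accessibility(acc_value)
        if installers.get(pkg) not in TRUSTED_INSTALLERS
    )

# Constructed sample data (not from a real device; package names are made up).
SAMPLE_ACC = ("com.google.android.marvin.talkback/.TalkBackService:"
              "com.example.cryptoapp/com.example.cryptoapp.Svc")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.cryptoapp  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg in flag_sideloaded_accessibility(SAMPLE_ACC, SAMPLE_PM):
        print("review:", pkg)
```

Preinstalled system apps can also report `installer=null`, so a flagged package is a prompt for manual review rather than a verdict.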

