Security News > 2022 > June > New Android banking malware disguises as crypto app to spread
While tracking the mobile banking malware FluBot, the F5 Labs researchers discovered the new Malibot threat targeting Android phones.
The second distribution channel is via smishing, directly hitting Android phones: Malibot has the ability to send SMS messages on-demand, and once it receives such a command it sends texts on a phone list provided by the Malibot command and control server.
In addition to collecting the Google account credentials, Malibot is also able to bypass Google's 2FA. When the user tries to connect to their Google account, they are shown a Google prompt screen that the malware immediately validates.
The infected device application list is also provided by the malware to the attacker, which helps the attacker know what application can be hooked by the malware to show an inject instead. An inject is a page shown to the user that perfectly impersonates a legitimate one.
Researchers expect the attackers to deploy more malware via these new websites in other parts of the world, including the U.S. How to protect yourself from Malibot.
The malware is distributed only from websites built by the cybercriminals and SMS. It is not currently spread through any legitimate Android platform such as the Google Play Store.
News URL
https://www.techrepublic.com/article/android-banking-malware-disguises-crypto/
Related news
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- New DroidBot Android banking malware spreads across Europe (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Cyber crooks push Android malware via letter (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- Crypto-stealing malware posing as a meeting app targets Web3 pros (source)