New Android banking malware disguises as crypto app to spread
While tracking the mobile banking malware FluBot, the F5 Labs researchers discovered the new Malibot threat targeting Android phones.
The second distribution channel is smishing, which hits Android phones directly: Malibot can send SMS messages on demand, and once it receives such a command it sends texts to a phone list provided by the Malibot command and control server.
In addition to collecting the Google account credentials, Malibot is also able to bypass Google's 2FA. When the user tries to connect to their Google account, they are shown a Google prompt screen that the malware immediately validates.
The malware also sends the attacker the list of applications installed on the infected device, which tells the attacker which applications the malware can hook to show an inject instead. An inject is a page shown to the user that perfectly impersonates a legitimate one.
Researchers expect the attackers to deploy more malware via these new websites in other parts of the world, including the U.S.
How to protect yourself from Malibot
The malware is distributed only through websites built by the cybercriminals and through SMS. It is not currently spread through any legitimate Android platform such as the Google Play Store.
News URL
https://www.techrepublic.com/article/android-banking-malware-disguises-crypto/