MaliBot Banking Trojan Targets Android Users in Italy and Spain

If you are not vigilant, your banking experience may turn sour and leave you disappointed in the coming days. Just weeks after a coordinated law enforcement effort demolished FluBot, a new strain of Android malware called MaliBot was detected. It is targeting online banking and cryptocurrency wallet consumers in Spain and Italy.

What is MaliBot?

MaliBot is known to take the form of cryptocurrency mining apps like Mining X or The CryptoApp, which are disseminated through bogus websites designed to entice people to download them.

Who has been MaliBot's prey?

Some of the banks targeted by MaliBot using this approach include UniCredit, Santander, CaixaBank, and CartaBCC. It also targets sensitive data from the Binance and Trust Wallet apps, such as total balances and seed phrases.

How does MaliBot infect systems?

The information-stealing trojan, nicknamed MaliBot by F5 Labs, has all of the features of other mobile threats. 
  • It has the ability to collect credentials and cookies, bypass multi-factor authentication (MFA) codes, steal 2FA credentials from the Google Authenticator app, and watch the victim's device screen using Android's Accessibility Service.
  • MaliBot also leverages smishing as a distribution vector to spread the malware by accessing an infected smartphone's contacts and sending SMS messages with links to the virus.

MaliBot's Origins and connection with Russia

  • MaliBot's command-and-control (C2) servers are based in Russia, and they appear to be the same ones that distributed the Sality virus.
  • It's a substantially tweaked version of the SOVA malware, with new capabilities, targets, C2 servers, domains, and packing techniques.

More about the threat

  • Due to the malware's adaptability and the power it offers attackers over the device, it could theoretically be used for more than just stealing credentials and bitcoin.
  • In reality, any application that uses WebView is vulnerable to the theft of the user's credentials and cookies.

Final Thoughts

MaliBot's threat is genuine, and the rise in Android banking attacks might be disastrous in an era dominated by digital banking and cryptocurrency transactions. Users are advised to stay cautious.
Cyware Publisher
