MaliBot, a potent new Android spyware, is discovered by cybersecurity researchers. Be cautious about what you download and where you get it.
A different type of Android virus steals customers’ passwords, bank credentials, and crypto-wallets by circumventing multi-factor authentication safeguards.
The virus has been described in full by F5 Labs cybersecurity researchers, who have called it MaliBot. It’s the newest in a long line of dangerous viruses aimed at Android users.
MaliBot may read texts, collect browser cookies, and take screenshots from compromised Android smartphones in addition to remote collecting of passwords, bank credentials, and cryptocurrency wallets.
It may also circumvent multi-factor authentication (MFA), which is one of the most important cybersecurity defenses users can adopt to defend themselves from cyber attackers.MaliBot, like much other Android malware, spreads by sending phishing messages to victims’ smartphones via Text messages or by directing victims to fake websites. Victims are asked in both situations to click on a link that installs spyware to their smartphone.
So far, researchers have discovered 2 malicious sites used to disseminate MaliBot, one of which is a spoof version of a real cryptocurrency-tracking software with over a million downloads from the Play Store.
MaliBot requests the user for access and launches rights after being installed to track the device and undertake malicious actions. This involves obtaining personal data like as passwords and bank account data and also manipulating the gadget to push the user into providing further data, which it achieves through stealing multi-factor authentication credentials.
Google Android users are advised to use two-step verification, which is supposed to prevent hackers from accessing accounts even if the password is known – but the malicious hackers behind MaliBot are aware of this and have discovered a way around it.
MaliBot may circumvent multi-factor authentication once it has collected credentials on the device by leveraging the accessibility rights to click the ‘Yes’ button on the popup inquiring if the victim is attempting to sign in. If a viewer views this, they may be suspicious, however, the permission provided to MaliBot may conceal an overlaying over the question, making it invisible.
MaliBot employs a similar approach to circumvent further security measures around cryptocurrency wallets, enabling attackers to gain any cryptocurrencies from the account associated with the infected Android device.
MaliBot is capable of sending Text messages that may be used to infect others with the malware, in addition to stealing private information and cash from the victim – a method identical to that which caused FluBot spyware to become so effective. The MaliBot is currently just attacking users of Spanish and Italian banks, but experts warn that “a larger spectrum of targets will be introduced to the program as time goes on.”
While the virus is designed to steal bank information and cryptocurrencies, it is possible that MaliBot’s formidable features, which enable command of an infected computer, might be used for “a wider spectrum of assaults beyond obtaining credentials and bitcoin.”
To prevent becoming a victim of Android malware assaults, users should be cautious about clicking links in unexpected SMS and installing applications from 3rd-party sites.
People should always be aware of the hazards involved with allowing accessibility choices; while they have valid applications, they are also extensively misused by cyber thieves.
Source: zdnet
Also read about: New feature to bypass CAPTCHAs on iOS 16