MaliBot is the latest threat that stalks Android users in Spain: it can steal access codes to the main banks.
FluBot endangered millions of people around the world as an Android-targeting virus capable of taking full control of devices and accessing sensitive data, including access codes to financial applications. Its disappearance, confirmed by Europol, seemed to offer a truce, but everything indicates that FluBot's successor is already a reality.
It has been named MaliBot by the cybersecurity firm F5, which discovered it while monitoring the FluBot Trojan. The company says that the malware is aimed mainly at users of two of the main financial entities in Spain: Santander and CaixaBank.
The Trojan masquerades as popular apps like Chrome
F5 researchers have determined that the Trojan originates in Russia, the country from which the spread of MaliBot is controlled. The first campaigns date back to June 2020, and it is a modified version of an already known piece of malware: SOVA.
Its capabilities include theft of single-use and multi-factor verification codes, text message theft, app deletion, sensitive data collection, and even the ability to bypass Google's two-step verification system.
The campaigns built around this malware are mainly focused on Italy and Spain. In these countries, the authors have distributed their virus through websites that prompted users to download infected apps. Among these apps were fake clones of popular tools like Google Chrome, as well as cryptocurrency applications.
To spread further between devices, once the victim's device has been infected, MaliBot uses its permissions to access the user's contact list and send SMS messages with links to the virus's APK file. This technique is known as "smishing".
By gaining privileged permissions on the device, such as access to Android accessibility APIs, MaliBot has the ability to perform actions on the device without the need for user interaction. This, according to the attackers, makes MaliBot a virus aimed mainly at stealing sensitive information related to financial entities.
In fact, the malware has been found to carry a list of target bank apps in its code, including CaixaBank and Santander from Spain, and UniCredit from Italy. Techniques have also been discovered for stealing cryptocurrency from wallets hosted on platforms such as Binance or Trust Wallet.
Although the threat today stalks users in Spain and Italy above all, MaliBot is expected to expand its targets as the weeks go by, with new campaigns emerging that target other regions of the world. The researchers recommend avoiding downloading apps from sources outside the Google Play Store and ignoring SMS messages from unreliable sources.
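The two risk signals described in this article, installation from outside Google Play and access to the accessibility APIs, can be checked together on a device. The following Python sketch is an added example, not part of the original article or of F5's research; it parses constructed samples of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` output, and all `com.example.*` package names are invented.

```python
# Added example: flag apps that hold an enabled accessibility service
# but were not installed by Google Play. Sample inputs are constructed.
PLAY_STORE = "com.android.vending"  # installer name recorded for Google Play installs

# Constructed output of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fakebrowser/com.example.fakebrowser.HelperService"
)
# Constructed output of: adb shell pm list packages -i
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakebrowser  installer=null
package:com.example.game  installer=com.android.vending
package:com.example.sideloaded.notes  installer=com.google.android.packageinstaller
"""

def parse_installers(pm_output):
    """Map package name -> installer package (None when none is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value == "null" else value
        installers[fields[0][len("package:"):]] = installer
    return installers

def parse_accessibility_services(settings_output):
    """Return package names owning enabled services ('pkg/class:pkg/class')."""
    value = settings_output.strip()
    if value in ("", "null"):  # setting unset or empty: nothing enabled
        return []
    packages = [c.split("/", 1)[0] for c in value.split(":") if c]
    return list(dict.fromkeys(packages))  # de-duplicate, keep order

def flag_risky(settings_output, pm_output):
    """List (package, installer) pairs with accessibility access and a non-Play origin."""
    installers = parse_installers(pm_output)
    return [(pkg, installers.get(pkg))
            for pkg in parse_accessibility_services(settings_output)
            if installers.get(pkg) != PLAY_STORE]

if __name__ == "__main__":
    for pkg, installer in flag_risky(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {pkg} (installer: {installer})")
```

Preinstalled system apps can also report no installer, so each hit is a prompt for manual review rather than a verdict.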