A New Android Malware (Malibot) Targeting customers in Spain and Italy.
F5 Labs specialists recognized another kind of Android malware, named Malibot, that is focusing on web-based banking and digital currency wallet clients in Spain and Italy.
malware including UniCredit, Santander, CaixaBank, and CartaBCC.
This new malware is found two weeks after an International Law Enforcement agency dismantled FluBot malware.
This malware performs a lot of operations like stealing credentials, cookies and by-pass multi-factor authentication (MFA). This malware can also control devices by implementing remote access features.
The Malibot identifies itself as a cryptocurrency mining app, which is spread by the name “Mining X” or “The Crypto App”. Experts also identified that this app is also obfuscated as “MySocialSecurity” and “Chrome” app.
This malware is spread through various websites and phishing attack.Distribution of this malware is done by hooking victims to the malicious websites and tricking them to download any software, and sending direct links on the user’s mobile number.
“This MaliBot spy for all events using the Accessibility Service. If it detects any activity performed by the user in any banking app or website, it will automatically setup WebView that displays an HTML overlay to the victim.”
MaliBot also misuses the access to the Accessibility API to bypass Google 2FA Authorization.MaliBot is one of the most dangerous threats to the customers of Spain and Italian Bank, but we have to know any more powerful threat can be developed as the time goes on.
Generally, any application which uses WebView is responsible of stealing credentials, cookies.
Kindly read more article :