MaliBot is the latest threat stalking Android users in Europe: it can steal the access codes for the main banks. FluBot endangered millions of people around the world as an Android virus capable of taking full control of devices and accessing sensitive data, including access codes to financial applications. Its disappearance, confirmed by Europol, seemed to offer a truce, but everything indicates that the successor of FluBot is already a reality. It has been named MaliBot by F5, the cybersecurity firm that discovered it while monitoring the FluBot Trojan. The company says the malware is aimed mainly at users of two of the main financial entities in Spain: Santander and CaixaBank. MaliBot is considered a virus similar to the very famous FluBot.
Trojan masquerades as popular apps like Chrome
F5 researchers have been able to determine that the origin of the Trojan is in Russia, the country from which the spread of MaliBot is controlled. The first campaigns date back to June 2020, and it is a modified version of already known malware: SOVA. Its capabilities include theft of text messages carrying single-use and multi-factor verification codes, app deletion, sensitive data collection, and even the ability to bypass Google’s two-step verification system.
It has been discovered that the campaigns built around this malware are mainly focused on Italy and Spain. In these countries, the authors have distributed their virus through websites that prompted users to download infected apps. Among these apps were fake clones of popular tools like Google Chrome as well as cryptocurrency applications. To spread further between devices, once the victim’s device has been infected, MaliBot takes advantage of its permissions to access the user’s contact list and send SMS messages with links containing the APK file of the virus.
This way of acting is known as “smishing”. By obtaining privileged permissions on the device, such as access to Android accessibility APIs, MaliBot can perform actions on the device without the need for user interaction. This, according to the attackers, makes MaliBot a virus aimed mainly at the theft of sensitive information related to financial entities.
In fact, it has been discovered that the malware has a list of target bank apps in its code, among which it is possible to find CaixaBank and Santander from Spain, and UniCredit from Italy. Techniques have also been discovered for stealing cryptocurrency from portfolios hosted on platforms such as Binance or Trust Wallet. Although today the threat looms above all over users in Spain and Italy, it is expected that, as the weeks go by, MaliBot will expand its targets and new campaigns targeting other regions of the world will emerge. The researchers recommend avoiding downloading apps from sources outside the Google Play Store and ignoring SMS messages from unreliable sources.