Researchers have discovered new malware in the wild targeting Android users. Identified as “MaliBot,” this Android banking trojan disguises itself as cryptocurrency apps to steal from victims. Since it appears under various seemingly legitimate names, users must remain careful when downloading apps from untrusted or unknown sources.
MaliBot Android Banking Trojan
According to F5 Labs researchers, a new Android banking trojan “MaliBot” has been running active campaigns.
Analyzing the malware allowed them to identify it as a variant of the previously known FluBot trojan. Yet, as “MaliBot,” the malware has evolved into a potent data- and crypto-stealing trojan.
Specifically, some of the malicious functionalities of MaliBot include screen overlay and web injection, screen capturing, and sending and stealing SMS messages. The latter helps the malware steal MFA codes and access various accounts.
Upon infecting a device, the malware starts gathering device details such as IP address, device model, default language, AndroidID, installed apps, etc. This information then allows the malware to execute its subsequent actions. For instance, the malware steals login credentials, cookies, and crypto wallet addresses for target apps. Moreover, it steals SMS messages, logs calls, SMS messages, and other activities, and displays overlays to capture data.
The researchers found the malware spreading via two campaigns so far, “TheCryptoApp” and “Mining X.” Both campaigns have dedicated websites that trick users into downloading the malware APK. Another mode of distributing the malware is smishing (SMS phishing).
A detailed technical analysis of the malware is available in the researchers’ report.
For now, the malware hints that its threat actors originate from Russia. The campaign presently targets Android users in Italy and Spain. But, given its malicious capabilities, the researchers fear it may also expand to other countries.
Therefore, users must remain very careful when clicking on random links in emails and messages, downloading apps from unknown sources, and visiting random websites. Besides, equipping Android phones with robust antimalware can always help prevent known malware infections.