• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

Mobile ID World

Mobile ID World

Identification Revolution

  • Mobile ID
    • What Is Mobile ID?
    • Identity Associations
    • Premier Partners
    • FAQ
  • News
  • Solutions
    • Behavioral
    • Facial Recognition
    • Fingerprint Biometrics
    • Iris Biometrics
    • Second Factor
    • Smart Cards
    • Smartphones
    • Vital
    • Voice
    • Wearable Tech
    • Other
  • Applications
    • Access Control
    • Cloud Technology
    • Commerce
    • Enterprise
    • Healthcare
    • Identification
    • Internet of Things
    • Law Enforcement
    • Strong Online Authentication
  • Exclusive
    • Interviews
    • Featured Articles
    • Podcasts
  • Companies
  • Events

‘MaliBot’ Malware Can Hack Android Phones and Get Past MFA Security

June 21, 2022

A team of researchers from F5 Labs are warning consumers about a devastating new piece of malware that is now circulating on Android phones. Dubbed MaliBot, the new malware essentially gives a fraudster control of the victim’s phone, allowing them to steal passwords and gain access to bank accounts and cryptocurrency wallets while remaining undetected.

'MaliBot' Malware Can Hack Android Phones and Get Past MFA Security

MaliBot is especially insidious because hackers can use it to get past Multi-Factor Authentication checks. Once installed, fraudsters can use MaliBot to capture someone’s screen remotely, and to scrape information about browser cookies from the web. They can also view the victim’s text messages, giving them access to a wealth of information that can be used to compromise accounts.

As it relates to MFA, MaliBot lets hackers manipulate a device to hide their activities and extract additional data. If someone has set up their accessibility permissions to request a prompt when they try to sign in, the hacker can create an overlay that hides the prompt from the user, and then hit ‘Yes’ on their behalf to complete the login while the victim remains unaware.

At the moment, the hackers distributing MaliBot are primarily going after bank and cryptocurrency accounts in Italy and Spain, though the software will presumably spread to other locations and could be used to execute other kinds of attacks. The software is being sent to victims as a link in a phishing SMS text message sent directly to someone’s phone, and has been left up on a pair of fraudulent websites to trap unsuspecting web surfers. In either case, the malware will start downloading as soon as someone clicks on the link in question.

One of the websites is designed to look like a real cryptocurrency tracker app. Hackers can also hijack the SMS function to send text messages with the malware link once MaliBot has been installed on that person’s phone. Consumers are advised to avoid clicking on strange links that arrive via text (even from recognized numbers), and to avoid suspicious websites.

Source: ZDnet

Filed Under: Industry News Tagged With: Android, Android malware, cybersecurity, F5 Labs, hack attacks, MaliBot, malware, MFA security, mobile security, mobile security threats, multi-factor authentication, security threats

Related News & Articles

Veriff Station Celebrates Official Public Launch

Arculus Introduces Cryptocurrency Storage Device with Three-Factor Authentication

Taking Aim at APAC Market, FacePhi Launches Korean Subsidiary

Primary Sidebar

Learn About Mobile ID and Aviation

Tweets

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Recent Posts

  • NordPass Enables Biometric, TOTP-secured 2FA for Business Users
  • Mastercard Solution Certified Under UK’s Digital ID Framework
  • Transatlantic Digital Traveler Identity Project Gets High-Profile Tech Partner
  • Digital Identity Tech Demo Online Event
  • Mobile ID Comes to Another US Campus

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 MobileIDWorld