A team of researchers from F5 Labs is warning consumers about a devastating new piece of malware that is now circulating on Android phones. Dubbed MaliBot, the new malware essentially gives a fraudster control of the victim’s phone, allowing them to steal passwords and gain access to bank accounts and cryptocurrency wallets while remaining undetected.
MaliBot is especially insidious because hackers can use it to get past Multi-Factor Authentication (MFA) checks. Once installed, fraudsters can use MaliBot to capture someone’s screen remotely and to scrape browser cookie information from the web. They can also view the victim’s text messages, giving them access to a wealth of information that can be used to compromise accounts.
As it relates to MFA, MaliBot lets hackers manipulate a device to hide their activities and extract additional data. If someone has set up their accessibility permissions to request a prompt when they try to sign in, the hacker can create an overlay that hides the prompt from the user, and then hit ‘Yes’ on their behalf to complete the login while the victim remains unaware.
At the moment, the hackers distributing MaliBot are primarily going after bank and cryptocurrency accounts in Italy and Spain, though the software will presumably spread to other locations and could be used to execute other kinds of attacks. The software reaches victims as a link in a phishing SMS text message sent directly to someone’s phone, and it is also hosted on a pair of fraudulent websites to trap unsuspecting web surfers. In either case, the malware will start downloading as soon as someone clicks on the link in question.
One of the websites is designed to look like a real cryptocurrency tracker app. Once MaliBot has been installed on a victim’s phone, hackers can also hijack that phone’s SMS function to send text messages containing the malware link. Consumers are advised to avoid clicking on strange links that arrive via text (even from recognized numbers), and to avoid suspicious websites.