• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

Mobile ID World

Mobile ID World

Identification Revolution

  • Mobile ID
    • What Is Mobile ID?
    • Identity Associations
    • Premier Partners
    • FAQ
  • News
  • Solutions
    • Behavioral
    • Facial Recognition
    • Fingerprint Biometrics
    • Iris Biometrics
    • Second Factor
    • Smart Cards
    • Smartphones
    • Vital
    • Voice
    • Wearable Tech
    • Other
  • Applications
    • Access Control
    • Cloud Technology
    • Commerce
    • Enterprise
    • Healthcare
    • Identification
    • Internet of Things
    • Law Enforcement
    • Strong Online Authentication
  • Exclusive
    • Interviews
    • Featured Articles
    • Podcasts
  • Companies
  • Events

‘MaliBot’ Malware Can Hack Android Phones and Get Past MFA Security

June 21, 2022

A team of researchers from F5 Labs are warning consumers about a devastating new piece of malware that is now circulating on Android phones. Dubbed MaliBot, the new malware essentially gives a fraudster control of the victim’s phone, allowing them to steal passwords and gain access to bank accounts and cryptocurrency wallets while remaining undetected.

'MaliBot' Malware Can Hack Android Phones and Get Past MFA Security

MaliBot is especially insidious because hackers can use it to get past Multi-Factor Authentication checks. Once installed, fraudsters can use MaliBot to capture someone’s screen remotely, and to scrape information about browser cookies from the web. They can also view the victim’s text messages, giving them access to a wealth of information that can be used to compromise accounts.

As it relates to MFA, MaliBot lets hackers manipulate a device to hide their activities and extract additional data. If someone has set up their accessibility permissions to request a prompt when they try to sign in, the hacker can create an overlay that hides the prompt from the user, and then hit ‘Yes’ on their behalf to complete the login while the victim remains unaware.

At the moment, the hackers distributing MaliBot are primarily going after bank and cryptocurrency accounts in Italy and Spain, though the software will presumably spread to other locations and could be used to execute other kinds of attacks. The software is being sent to victims as a link in a phishing SMS text message sent directly to someone’s phone, and has been left up on a pair of fraudulent websites to trap unsuspecting web surfers. In either case, the malware will start downloading as soon as someone clicks on the link in question.

One of the websites is designed to look like a real cryptocurrency tracker app. Hackers can also hijack the SMS function to send text messages with the malware link once MaliBot has been installed on that person’s phone. Consumers are advised to avoid clicking on strange links that arrive via text (even from recognized numbers), and to avoid suspicious websites.

Source: ZDnet

Filed Under: Industry News Tagged With: Android, Android malware, cybersecurity, F5 Labs, hack attacks, MaliBot, malware, MFA security, mobile security, mobile security threats, multi-factor authentication, security threats

Related News & Articles

2.1 Billion to Use Mobile Payments Next Year: Juniper Research

Jumio Makes BIG’s List of Best Places to Work

Onfido Highlights Key Takeaways from WEF Authentication White Paper

Primary Sidebar

Register For the Next Virtual Identity Summit

Register now!

Tweets

Sponsored Links

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi's product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Recent Posts

  • Saskatchewan Privacy Commissioner Urges Development of Optional Digital ID
  • Wearable Authentication Company Closes $13 Million Funding Round
  • Fobi and Barnet Unveil New Digital Wallet Loyalty Solution
  • IPification Partners With Major Indonesian Telecom
  • INTELITY Streamlines Hotel Check-in With Mobile ID Solution

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2022 MobileIDWorld