A recently discovered form of powerful banking malware has quickly become one of the most prolific threats to Android users.
First uncovered in June, MaliBot steals passwords, bank details and the contents of cryptocurrency wallets from users – and it does so by bypassing multi-factor authentication protections. The malware can also access text messages, steal web browser cookies and can take screen captures from infected Android devices.
MaliBot can also spread itself by hijacking SMS capabilities to send malicious messages to other users – a technique similar to that which allowed FluBot malware to become so successful before it was taken down by coordinated law enforcement action in May.
SEE: A winning strategy for cybersecurity (ZDNet special report)
Now, after first appearing just weeks ago, MaliBot has become one of the most prolific forms of Android malware. According to cybersecurity researchers at Check Point, it was the third-most prevalent malware targeting Android users in June, filling the gap left by FluBot.
“While it’s always good to see law enforcement successful in bringing down cyber-crime groups or malwares like FluBot, sadly it didn’t take long for a new mobile malware to take its place,” said Maya Horowitz, VP of research at Check Point Software.
Ahead of MaliBot, the Android malware most commonly detected by Check Point during June was AlienBot, a malware-as-a-service family that allows remote attackers to inject malicious code into legitimate financial apps, enabling them to access sensitive information in accounts and eventually complete control of the device.
The second-most detected Android malware for the month was Anubis, a banking trojan, which was first uncovered in 2016 and continues to be an active threat.
The individuals behind Anubis continually develop new features for the malware and, as well as being a banking trojan, it now has remote access trojan functionality, as well being a keylogger. It’s also capable of recording audio from the infected Android device. It’s often distributed and hidden within malicious applications.
“Cyber criminals are well aware of the central role that mobile devices play in many peoples’ lives and are always adapting and improving their tactics to match. The threat landscape is evolving rapidly, and mobile malware is a significant danger for both personal and enterprise security,” said Horowitz.
Mobile devices make a tempting target for cyber criminals because they contain a vast amount of personal data that they can exploit and many users aren’t fully aware that their smartphone is something that can be infected with malware.
SEE: These are the cybersecurity threats of tomorrow that you should be thinking about today
Users should be suspicious of any unexpected text messages asking them to click a link, as this is a common way that mobile malware is delivered. A common threat in recent years has been from messages that claim you’ve missed a delivery and ask you to click the link to reschedule it.
It’s also recommended that users download apps from trusted sources, such as the Google Play Store to help stay safe. However, malware does occasionally bypass Play Store protections and is disguised within apps that look legitimate. Users should be cautious when downloading new apps from developers that only state basic information, which is a sign that the app could be a burner profile to distribute malware.
Users should also be mindful of reviews – a lot of negative reviews could suggest that the app isn’t working as advertised and could be malware.