Threat Watch

MaliBot Android Trojan Seen in the Wild

Researchers from F5 Labs have recently unveiled a new Android banking trojan dubbed MaliBot. The primary goal of MaliBot is to steal e-banking service credentials, crypto wallet passwords, and other personal data. Several delivery methods for the malware have been seen in the wild, and at this time they are all still active. The first method uses fake websites that advertise malicious crypto apps, where the user has to download the app manually. The second delivery method is a site that pushes a crypto app called MiningX, which appears legitimate, but if its QR code is scanned, MaliBot is loaded onto the victim's device. The threat actors behind MaliBot have also been using smishing (SMS phishing) in an attempt to infect devices. The Command and Control (C2) server linked to the malware traces back to Russia, and the IP address associated with it has been involved in other campaigns in the past. Additional analysis by the F5 researchers uncovered features that have not yet been implemented, an unfortunate sign that new versions of the malware are likely to appear in the future.

ANALYST NOTES

To avoid becoming a victim, users are advised not to download any apps from a web browser. Vetting apps prior to downloading them can also lessen the likelihood of infection; reading reviews and researching a specific app will often reveal whether it is authentic. Since smishing is also a tactic being used, unfamiliar text messages, especially those containing links or attachments, should not be interacted with.

https://www.bleepingcomputer.com/news/security/new-malibot-android-banking-malware-spreads-as-a-crypto-miner/