Android Security: How This New Malware Became a Top Smartphone Threat


Image: Getty

A recently discovered form of powerful banking malware has quickly become one of the most prolific threats facing Android users.

MaliBot was first uncovered in June and is stealing passwords, banking information and the contents of cryptocurrency wallets from users – bypassing multi-factor authentication protection. The malware can also access text messages, steal web browser cookies, and take screenshots of infected Android devices.

MaliBot can also spread by hijacking SMS functionality to send malicious messages to other users – a technique similar to that which enabled the FluBot malware to become so successful before it was shut down by coordinated law enforcement efforts in May .

SEE: A winning cybersecurity strategy (ZDNet special report)

First appearing just a few weeks ago, MaliBot has become one of the most prolific forms of Android malware. According to Check Point cybersecurity researchers, it was the third most popular malware targeting Android users in June, filling the void left by FluBot.

“While it’s always good to see law enforcement successfully taking down cybercrime groups or malware like FluBot, unfortunately it wasn’t long before a new mobile malware took its place,” said Maya Horowitz, vice president of research at Check Point Software.

Before MaliBot, Check Point’s most common Android malware detected in June was AlienBot, a malware-as-a-service family that allows remote attackers to inject malicious code into legitimate financial apps, allowing them to access sensitive information into accounts and finally can access complete control over the device.

The second most detected Android malware of the month was Anubis, a banking Trojan that was first detected in 2016 and remains an active threat.

The people behind Anubis are constantly developing new features for the malware, which is not only a banking trojan, but also has a remote access trojan function and a keylogger. It is also able to record audio from the infected Android device. It is often distributed and hidden within malicious applications.

“Cyber ​​criminals are aware of the central role that mobile devices play in many people’s lives and are constantly adapting and improving their tactics accordingly. The threat landscape is evolving rapidly, and mobile malware is a significant threat to personal and corporate security,” Horowitz said.

Mobile devices are a tempting target for cybercriminals as they contain a large amount of personal data that they can exploit and many users are not fully aware that their smartphone can be infected with malware.

SEE: These are tomorrow’s cybersecurity threats to think about today

Users should be suspicious of unexpected text messages encouraging them to click a link, as this is a common way of proliferating mobile malware. A common threat in recent years has been messages claiming that you’ve missed a delivery and asking you to click the link to reschedule it.

It is also recommended that users download apps from trusted sources like Google Play Store to ensure security. However, malware occasionally bypasses Play Store protection and is disguised in apps that look legitimate. Users should be careful when downloading new apps from developers who only provide basic information, which is a sign that the app could be a burner profile for spreading malware.

Users should also pay attention to reviews – many negative reviews could indicate that the app is not working as advertised and may be malware.


Leave a Comment

%d bloggers like this: