New Android Trojan Targets Financial Institutions, Customers

Blockchain & Cryptocurrency
Cryptocurrency Fraud

MaliBot Steals Credentials, Cryptocurrency from Italian, Spanish Victims

New Android Trojan Targets Financial Institutions, Customers

A new strain of Android malware is targeting online banking customers and financial institutions, cybersecurity researchers at F5 Labs say.

See Also: Fireside Chat | Zero Tolerance: Controlling The Landscape Where You’ll Meet Your Adversaries

Dubbed MaliBot, the banking Trojan steals financial information, credentials, crypto wallets, personal data and cookies; bypasses multi-factor authentication codes; and remotely controls infected devices.

The malware disguises itself as a cryptocurrency mining app and so far has mainly targeted victims in Spain and Italy, a geographic range that’s likely to grow.

It likewise can be used for a wider range of attacks than just stealing credentials and cryptocurrency, says F5 Labs researcher Dor Nizar. “In fact, any application which makes use of WebView is liable to having the users’ credentials and cookies stolen.”

WebView allows Android users to view web search results inside unrelated active applications.

F5 Labs say it discovered MaliBot during a separate investigation into a different malware strain, FluBot.

Campaign Details

MaliBot’s command-and-control server, which…