A malware group’s loss is definitely another’s gain. This is a phrase everyone should know, especially since cyber threats are on the rise. Recently, the FluBot operation suddenly shut down, which gave the group behind the new Android banking malware MaliBot the opportunity to shine.
Android users have had their fair share of attacks in recent months, and it seems that they won’t get a break anytime soon. The new malware has set up a malicious campaign, targeting users in Italy and Spain in hopes of stealing their financial information.
With advanced hacking abilities such as masquerading as legit apps and snatching two-factor authentication codes, MaliBot is the new force in the industry. What is this new malware? How does it operate? We’ll explain this in the following article.
MaliBot – A Browser? A Crypto App?
Threat actors have been targeting Android users for quite some time now. A while ago, malicious applications invaded Google Play Store, distributing malware to millions of devices.
Now, MaliBot has shown up to take “Maliciousness” to a whole new level. Researchers at F5 Labs discovered this new malware disguising its operation as legit applications.
While it’s new, the report states that the operators behind it seem to be operating from Russia. Not only that, but the actors’ IP addresses were associated with several malware distribution campaigns that date back to 2020.
Now, the question is: How are they distributing the MaliBot malware? The first campaign works with a popular crypto-mining application.
TheCryptoApp, a tool on the Google Play Store that has over a million downloads, is the malware’s disguise. When victims visit the fake website created by the attackers, they’ll find downloadable APKs that they can install manually.
The other campaign involves an app that goes by the name of Mining X. This one is not available on the Google Play Store; instead, victims are prompted to scan a QR code to download the malicious APK file.
We talked about the malicious apps, but how are the victims getting them? According to F5 Labs, the malware is distributed through malicious websites or via smishing attacks:
“Distribution of MaliBot is performed by attracting victims to fraudulent websites where they are tricked into downloading the malware, or by directly sending SMS phishing messages (smishing) to mobile phone numbers.”
MaliBot, despite being new, is a very capable piece of malware. Once it takes root on a device, it secures accessibility and launcher permissions. Not only that, but the longer it stays, the more privileges it gets. In a nutshell, MaliBot is very dangerous, so be careful.
MaliBot Malware – You Install, They Control
With abilities such as intercepting notifications, SMS/calls, and capturing screenshots, MaliBot proves to be the new face of malware in the industry.
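For anyone vetting a sideloaded APK, the capabilities listed above (accessibility and launcher permissions, notification and SMS/call interception) can be checked against the app's manifest. The script below is an added example, not code from F5 Labs or from the malware. It assumes the manifest has already been decoded to text XML, and the mapping from each capability to a standard Android manifest declaration, the sample manifest and the function names are assumptions made here.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities named in the article to standard
# Android manifest declarations; it is not taken from the F5 Labs report.
SERVICE_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification interception",
}
USES_PERMISSIONS = {
    "android.permission.RECEIVE_SMS": "sms interception",
    "android.permission.READ_SMS": "sms interception",
    "android.permission.READ_CALL_LOG": "call monitoring",
}
HOME_CATEGORY = "android.intent.category.HOME"  # app offers itself as the launcher

# Constructed sample manifest (decoded text form), not from a real app.
SAMPLE_SUSPICIOUS = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <activity android:name=".Main"><intent-filter>
      <action android:name="android.intent.action.MAIN"/>
      <category android:name="android.intent.category.HOME"/>
    </intent-filter></activity>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return the sorted list of risky capabilities a decoded manifest declares."""
    root = ET.fromstring(xml_text)
    found = {USES_PERMISSIONS.get(p.get(ANDROID + "name"))
             for p in root.iter("uses-permission")}
    found |= {SERVICE_BINDINGS.get(s.get(ANDROID + "permission"))
              for s in root.iter("service")}
    if any(c.get(ANDROID + "name") == HOME_CATEGORY for c in root.iter("category")):
        found.add("launcher replacement")
    found.discard(None)  # declarations that are not in the mapping
    return sorted(found)

def is_suspicious(xml_text):
    """Flag an accessibility service combined with SMS or notification access."""
    caps = set(audit_manifest(xml_text))
    return "accessibility service" in caps and bool(
        caps & {"sms interception", "notification interception"})

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_SUSPICIOUS), is_suspicious(SAMPLE_SUSPICIOUS))
```

Screenshot capture has no manifest permission of its own, so it is not covered here; legitimate apps can also declare any of these entries, so a hit is a reason to look closer rather than a verdict.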
Smishing and phishing attacks are the main focus here, so you can still avoid this predicament. All you have to do is make sure that the website you’re visiting is legit.
Not only that, but we also recommend downloading apps only from your official native app store. No third-party websites whatsoever. Stay vigilant, and stay safe.