Skip to content

Cyber Security And Bitcoin Blockchain News

The World

  • Reports Claim Russia Defaulted on Foreign Debt for the First Time in a Century, Kremlin Disagrees and Says It Paid – Economics Bitcoin News bitcoin news
  • Drops DAO launches Mainnet To Allow Borrowing of NFT-collateralized Loans bitcoin news
  • El Salvador’s Bitcoin Volcano Bonds Launch Still on Hold, According to Treasury Minister – Bitcoin News bitcoin news
  • Google Forms Web3 Team — Sees Tremendous Potential, Demand for Crypto Tech Support – Featured Bitcoin News bitcoin news
  • Did A Bitcoin “Zig-Zag” Shake Out The Crypto Market? bitcoin news
  • CA GameFi, Subsidiary of CyberAgent, Announces “ProjectTB” That Delivers “Just Enjoy and Earn” to Players Around the World – Press release Bitcoin News bitcoin news
  • Has Bitcoin Hit Bottom Yet? Here’s What On-Chain Data Says bitcoin news
  • Bitcoin Bears Keep Pushing, Why Upsides Remain Limited bitcoin news

A New Android Banking Trojan Spotted in the Wild

Posted on June 16, 2022 By root


Android Banking Trojan

A new strain of Android malware has been spotted in the wild targeting online banking and cryptocurrency wallet customers in Spain and Italy, just weeks after a coordinated law enforcement operation dismantled FluBot.

The information stealing trojan, codenamed MaliBot by F5 Labs, is as feature-rich as its counterparts, allowing it to steal credentials and cookies, bypass multi-factor authentication (MFA) codes, and abuse Android’s Accessibility Service to monitor the victim’s device screen.

MaliBot is known to primarily disguise itself as cryptocurrency mining apps such as Mining X or The CryptoApp that are distributed via fraudulent websites designed to attract potential visitors into downloading them.

CyberSecurity

It also takes another leaf out of the mobile banking trojan playbook in that it employs smishing as a distribution vector to proliferate the malware by accessing an infected smartphone’s contacts and sending SMS messages containing links to the malware.

“MaliBot’s command-and-control (C2) is in Russia and appears to use the same servers that were used to distribute the Sality malware,” F5 Labs researcher Dor Nizar said. “It is a heavily modified re-working of the SOVA malware, with different functionality, targets, C2 servers, domains, and packing schemes.”

Android Banking Trojan

SOVA (meaning “Owl” in Russian), which was first detected in August 2021, is notable for its ability to conduct overlay attacks, which work by displaying a fraudulent page using WebView with a link provided by the C2 server should a victim open a banking app included in its active target list.

Some of the banks targeted by MaliBot using this approach include UniCredit, Santander, CaixaBank, and CartaBCC.

Accessibility Service is a background service running in Android devices to assist users with disabilities. It has long been leveraged by spyware and trojans to capture the device contents and intercept credentials entered by unsuspecting users on other apps.

CyberSecurity

Besides being able to siphon passwords and cookies of the victim’s Google account, the malware is designed to swipe 2FA codes from the Google Authenticator app as well as exfiltrate sensitive information such as total balances and seed phrases from Binance and Trust Wallet apps.

Android Banking Trojan

What’s more, Malibot is capable of weaponizing its access to the Accessibility API to defeat Google’s two-factor authentication (2FA) methods, such as Google prompts, even in scenarios where an attempt is made to sign in to the accounts using the stolen credentials from a previously unknown device.

“The versatility of the malware and the control it gives attackers over the device mean that it could, in principle, be used for a wider range of attacks than stealing credentials and cryptocurrency,” the researchers said.

“In fact, any application which makes use of WebView is liable to having the users’ credentials and cookies stolen.”





TheHackersNews/

cyber security news

Post navigation

Previous Post: Bitcoin Amidst Relentless Sell Off; Is It Targeting $13,000 Now?
Next Post: Ethereum Recovers 6%, Why 100 SMA Is The Key For Upsides

Related Posts

  • Over 200 Apps on Play Store Caught Hacking Androids with Password Stealer cyber security news
  • Researchers Disclose 10-Year-Old Vulnerabilities in Avast and AVG Antivirus cyber security news
  • Learn Raspberry Pi and Arduino with 9 Online Developer Training Courses cyber security news
  • Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups cyber security news
  • New Saitama backdoor Targeted Official from Jordan’s Foreign Ministry cyber security news
  • Critical Flaw in Cisco Secure Email and Web Manager Lets Attackers Bypass Authentication cyber security news

Archives

  • July 2022
  • June 2022
  • May 2022

Categories

  • bitcoin news
  • cyber security news

Recent Posts

  • Mad Money’s Jim Cramer Says Crypto Immolation Shows the Fed’s Job to Tame Inflation Is Almost Complete – Markets and Prices Bitcoin News
  • Russian Media Censor Roskomnadzor Blocks Major Crypto News Website – Bitcoin News
  • Jed McCaleb’s Ripple Stash Down to 81 Million — Co-Founder’s XRP Cache Likely to Dry Up This Year – Altcoins Bitcoin News
  • Exploit Forces Crema Finance to Temporarily Suspend Services, $8.7 Million Stolen – Bitcoin News
  • Blockfi CEO Says FTX Has an ‘Option to Acquire’ Crypto Lender at a Price of up to $240M – Bitcoin News

Recent Comments

No comments to show.
  • Bitcoin Miners’ Exchange Flow Rises To Seven-Month High Amid Bloodbath bitcoin news
  • TikTok Assures U.S. Lawmakers it’s Working to Safeguard User Data From Chinese Staff cyber security news
  • Polkadot (DOT) Trades Beneath $11; How Soon Will It Target $14? bitcoin news
  • Dubai Property Developer Completes Real Estate Deals Worth $50M via Crypto – Featured Bitcoin News bitcoin news
  • Fresh Gains Push Bitcoin Back Into the World’s Top 10 Most Valuable Assets – Markets and Prices Bitcoin News bitcoin news
  • Ethereum Fails Near Key Resistance, Why $1,700 Is The Key bitcoin news
  • Cardano (ADA) Booms 20% In Last Week, Will It Hit $1 Amid ‘Vasil’ Launch bitcoin news
  • Dogecoin Mining Revenue Massively Fell In Past 12 Months bitcoin news

Copyright © 2022 Cyber Security And Bitcoin Blockchain News.

Powered by PressBook News Dark theme