ZDNet reports that Android users are having their passwords, cryptocurrency wallets, and bank information targeted by the new MaliBot malware, which has multi-factor authentication bypassing capabilities.
MaliBot has also been discovered by F5 Labs to have text message accessing, web browser cookie theft, and screen capturing capabilities. Attackers have been leveraging phishing text messages to spread the malware, which is being distributed through two websites, one of which is a spoof of a widely-used cryptocurrency tracking app on the Google Play Store, according to researchers. Individuals downloading the app would be lured to grant accessibility and launcher permissions that would then facilitate the theft of passwords, bank details, and MFA codes.
F5 Labs notes that while only Spanish and Italian bank clients have been targeted by MaliBot, attackers could expand the reach of the campaign. Moreover, MaliBot could also be deployed to facilitate "a wider range of attacks than stealing credentials and cryptocurrency," researchers added.