Malibot, the malware that is stealing online banking data

F5 Labs has descovered “MaliBot”, a new Android malware that is targeting online banking customers in Spain and Italy, with the ability to steal user credentials and cookies and bypass multi-factor authentication (MFA) codes.

MaliBot malware tries to get past desseen taking the guise of different applications, such as the cryptocurrency mining applications “Mining X” or “The CryptoApp”, as well as other types of applications, such as “MySocialSecurity” and “Chrome”.

In addition to stealing financial information, credentials, cryptocurrency wallets, and personal data (PII), MaliBot has the ability to remotely control infected devices using a VNC server implementation.

According to the experts at F5 Labs, MaliBot is a clear threat to Spanish and Italian bank customers, but it will surely expand its radius of action over time. Furthermore, the versatility of this malware and the control it gives cybercriminals over the user’s device indicates that it will be used for a broader range of attacks in the future. In fact, any application that makes use of WebView, an Android component that facilitates access to web content, is susceptible to the theft of user credentials and cookies.

F5 Labs has descovered “MaliBot” a new malware for Android that is targeting online banking customers in Spain and Italy

In the 2022 Application Protection Report, F5 Labs notes that while the rise of ransomware has been the most relevant attack trend over the past two years, 2021 also saw a subtle rise in malware infections that extract data without necessarily seek the encryption of the information or the request for a ransom for it. Such a capable and versatile example of mobile malware as Malibot serves as a reminder to pay attention to all varieties of attack, not just the trending ones.