A new Android banking malware has reared its ugly head. Dubbed MaliBot, it disguises itself as crypto-currency mining applications under different names and targets users of mobile banking to steal financial information.
This was revealed by Check Point Research (CPR), the threat intelligence arm of Check Point, in its Global Threat Index for June 2022.
Although only just discovered, MaliBot has already reached third place in the list of most prevalent mobile malware. Similar to FluBot, MaliBot uses phishing SMS messages (smishing) to lure victims into clicking on a malicious link that redirects them to the download of a fake application containing the malware.
FluBot was taken down at the end of May this year.
The report also revealed that the infamous malware, Emotet, is still the most prevalent malware overall, and Snake keylogger comes in third after an increase in activity since appearing in eighth place last month.
Snake’s main functionality is to record users’ keystrokes and transmit collected data to bad actors. In May, CPR noted Snake keylogger being delivered via PDF files, but recently it has been spread through e-mails containing Word attachments tagged as requests for quotations.
Adapting tactics
The company’s researchers also reported on a new variant of Emotet in June that has credit card stealing capabilities and targets Chrome browser users.
Maya Horowitz, VP of research at Check Point Software, says while it’s always encouraging to see law enforcement take down cyber crime groups or malware such as FluBot, it never takes long before a new threat takes its place.
“Cyber criminals are well aware of the central role that mobile devices play in many people’s lives and are always adapting and improving their tactics to match. The threat landscape is evolving rapidly, and mobile malware is a significant danger for both personal and enterprise security. It’s never been more important to have a robust mobile threat prevention solution in place,” says Horowitz.
When it comes to exploited vulnerabilities, CPR revealed that Apache Log4j Remote Code Execution remains the most commonly exploited vulnerability, impacting 43% of organisations worldwide. Hot on its heels is Web Server Exposed Git Repository Information Disclosure, with a global impact of 42.3%. Web Servers Malicious URL Directory Traversal took third place with a global impact of 42.1%.
Most prevalent mobile malware for June
AlienBot
The AlienBot malware family is a malware-as-a-service (MaaS) for Android devices that enables a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The threat actor obtains access to victims’ accounts, and eventually takes full control of their device.
Anubis
Anubis is a banking Trojan designed for Android mobile phones. Since its initial detection, it has gained additional functions including remote access Trojan (RAT) functionality, keylogger, audio recording capabilities and various ransomware features. It has been detected on hundreds of different applications available in the Google Store.
MaliBot
MaliBot is an Android banking malware that has been spotted targeting users in Spain and Italy. The banking malware disguises itself as crypto mining applications under different names and focuses on stealing financial information, crypto wallets and more personal data.