
Warning: this virus will drain your current accounts (and crypto-wallets)

In the past few hours, security experts have spotted a new virus: the criminals' favorite victims are those who manage their finances (traditional and crypto) through mobile banking.

Between one appearance of Joker and another, and the umpteenth mutation of BRATA, users' mobile phones certainly cannot rest easy, with hackers always looking for ways to steal personal and financial information. A new threat of this kind has just been reported, and it affects users of banking institutions and crypto-wallets.

According to the American security firm F5 Labs, the MaliBot banking malware has been active for some time. It is probably still in development, and therefore likely to intensify its activity and gain other functions in the coming weeks. It affects users of Italian banks (e.g. UniCredit) and Spanish banks (e.g. Santander, CaixaBank), as well as those who use their Android smartphones to manage Binance cryptocurrency wallets. The hackers' modus operandi starts with phishing: SMS messages that imitate those of banking institutions, or that lead the user to visit malicious sites.

Regardless of the channel, the user is invited to download and install an app, which can be a fake version of the Chrome browser, a cryptocurrency exchange such as CryptoApp or Mining X, or an app called “MySocialSecurity”.

Once one of these apps is installed, it immediately opens a connection to a remote command-and-control server located in Russia, and MaliBot's malicious activity begins. The malware asks the user to grant it accessibility services and then takes action: draining the phone credit by sending paid SMS, taking screenshots of what appears on the screen, and reading SMS, including those used for two-factor authentication (used by banks to confirm an operation). It also reads the list of locally installed apps and superimposes overlay login windows on bank sites (to steal access credentials), and it steals the recovery phrase (technically called “seed wallet”) which, generated each time a crypto-wallet is opened, is usually used to recover the crypto-wallet and, ipso facto, the funds stored in it.

The advice for defending yourself against MaliBot and similar malware is to be wary of messages that invite you to download apps, and of those containing links: in case of doubt, that is, when an SMS merely seems reliable, it is best to check with the source, for example your bank. If you fear you have already been infected by this virus, check the transactions on your current account, change the passwords of your various accounts, and in the most radical cases wipe your smartphone's data (e.g. via factory reset).
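
The capability mix described above (an app installed from a link, granted accessibility services, with SMS and overlay access) can be turned into a simple triage rule for a device inventory. The following is an added example, not part of the original article or of F5 Labs' research; the behaviour-to-permission mapping, the verdict names and the sample package names are assumptions made for illustration.

```python
"""Triage an Android app inventory for the capability mix the article describes.

Added example: the behaviour-to-permission mapping is an assumption of this
sketch, not an indicator list from F5 Labs. Inventory records are constructed.
"""

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Behaviour named in the article -> Android permissions that enable it (assumed).
CAPABILITIES = {
    "sms_send": {"android.permission.SEND_SMS"},
    "sms_read": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "app_list": {"android.permission.QUERY_ALL_PACKAGES"},
}

def triage(app):
    """Return (verdict, capabilities) for one inventory record."""
    perms = set(app.get("permissions", ()))
    caps = sorted(name for name, needed in CAPABILITIES.items() if perms & needed)
    a11y = bool(app.get("accessibility_enabled"))
    sideloaded = app.get("installer") != PLAY_STORE
    has_sms = bool({"sms_send", "sms_read"} & set(caps))
    if sideloaded and a11y and has_sms:
        return "investigate", caps  # link-installed, controls the UI, touches SMS
    if sideloaded and (a11y or caps):
        return "review", caps       # sideloaded with at least one sensitive capability
    return "ok", caps

def report(inventory):
    """Map package name -> verdict for every app in the inventory."""
    return {app["package"]: triage(app)[0] for app in inventory}

# Constructed sample inventory (hypothetical package names, not real indicators).
SAMPLE = [
    {"package": "com.example.fakebrowser", "installer": None, "accessibility_enabled": True,
     "permissions": ["android.permission.SEND_SMS", "android.permission.READ_SMS",
                     "android.permission.SYSTEM_ALERT_WINDOW"]},
    {"package": "com.example.messenger", "installer": PLAY_STORE, "accessibility_enabled": False,
     "permissions": ["android.permission.SEND_SMS", "android.permission.READ_SMS"]},
    {"package": "com.example.sidegame", "installer": "com.example.altstore",
     "accessibility_enabled": False, "permissions": ["android.permission.SYSTEM_ALERT_WINDOW"]},
]

if __name__ == "__main__":
    for package, verdict in report(SAMPLE).items():
        print(f"{verdict:12} {package}")
```

The verdicts are prompts for a closer look, not proof of infection: an app can legitimately hold any one of these capabilities on its own.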
