"MaliBot Malware Bypasses Multi-Factor Authentication to Steal Your Passwords"
Cybersecurity researchers at F5 Labs have detailed a newly discovered form of Android malware dubbed MaliBot, which is capable of stealing passwords, bank details, and cryptocurrency wallets from users. MaliBot can also access text messages, steal web browser cookies, and take screen captures from infected Android devices. In addition, MaliBot can bypass Multi-Factor Authentication (MFA). MaliBot, like many other Android malware threats, spreads by sending phishing messages to users' phones via SMS text messages or luring them to fake websites. Victims are enticed to click on a link that downloads the malware on their phone in both cases. So far, researchers have discovered two malicious websites used to distribute MaliBot, one of which is a spoof of a legitimate cryptocurrency-tracking app with over a million downloads on the Google Play Store. MaliBot asks the victim for access and launcher permissions after being downloaded in order to monitor the device and perform malicious operations. This article continues to discuss the delivery and capabilities of the MaliBot Android malware, and how users can avoid falling victim to this malware or other Android malware attacks.
ZDNet reports "MaliBot Malware Bypasses Multi-Factor Authentication to Steal Your Passwords"