금융 데이터를 탈취하는 안드로이드 멀웨어
6월 22, 2022 • security
Three years ago, the number of malware infections had increased, and new malware had been discovered. This malware could steal financial data by bypassing multi-factor authentication. Researchers at F5 Labs detected the virus, which they dubbed “Exobot.” It’s believed the virus have spread via fraudulent websites and spam email. Exobot invite users to download it, thinking it’s a popular cryptocurrency tracker.
Details of MaliBot Android malware.
Researchers at F-Secure first discovered the Exobot malware. The malware is a sophisticated malware that can bypass two-factor authentication and steal financial data. The malware is distributed through fraudulent websites and smishing. Once installed, the malware requests permissions to overlay other apps and access SMS messages, contact lists, and call logs. With these permissions in hand, the malware can intercept one-time passcodes (OTPs) sent via SMS for banking apps and bypass two-factor authentication.
Exobot can also record phone calls to customer service to gain additional login credentials or other sensitive information. If you think you may have downloaded the Exobot malware, it is important to uninstall any suspicious apps and change your passwords immediately. You should also enable two-factor authentication on all accounts that support it. And finally, be sure to only download apps from trusted sources like the Google Play Store.
The MaliBot Android malware bypasses two-factor authentication.
Once installed, the malware requests permissions that are usually considered suspicious, such as access to SMS messages, contact lists, and call logs. It also requests permission to overlay other apps. With these permissions in hand, the malware can intercept one-time passcodes (OTPs) sent via SMS for banking apps and bypass two-factor authentication. The app can also record phone calls made to customer service to gain additional login credentials or other sensitive information.
“This is a very sophisticated piece of Android malware,” said Craig Young, a principal security researcher at Tripwire’s Vulnerability and Exposure Research Team (VERT). “The developers have put a lot of work into making it difficult to detect and analyze.”
What is two-factor authentication?
Two-factor authentication, commonly known as two-step verification, is a type of identity verification that uses two elements: a password and a one-time code sent to you by text message. Even if the attackers have access to your password, they’ll need access to your phone to log in because they’ll also need access to the location where you’re receiving the one-time code.
How to enable two-factor authentication?
Two-factor authentication is an extra layer of security that can protect your online accounts from being hacked. If you are not already using two-factor authentication, enabling it on all accounts that support it is vital. To enable two-factor authentication, you must log into your account and go to the security settings. From there, you will need to generate a one-time code sent to you via SMS or an app. Once you have the code, you will enter it when prompted to log in. It is important to note that you should only use apps from trusted sources like the Google Play Store when generating one-time codes.
결론
The Exobot malware is a sophisticated Android malware that can bypass two-factor authentication and steal financial data. If you think you may have downloaded the Exobot malware, it is important to uninstall any suspicious apps and change your passwords immediately. You should also enable two-factor authentication on all accounts that support it. And finally, be sure to only download apps from trusted sources like the Google Play Store.
보안
admin은 정부 기술의 선임 스태프 작가입니다. 이전에는 PYMNTS와 베이 스테이트 배너에 글을 썼으며 카네기 멜론에서 문예창작 학사 학위를 받았습니다. 현재 보스턴 외곽에 거주하고 있습니다.