Android Malware Can Steal Financial Data

Three years ago, the number of malware infections had been on the rise, and a new malware had been discovered that could steal financial data by bypassing multi-factor authentication. Researchers at F5 Labs detected the virus, which they dubbed “Exobot.” It’s believed to have spread via fraudulent websites and to induce users to download it thinking it’s a popular cryptocurrency tracker. It is also distributed through spam.

Details of MaliBot Android malware.

The Exobot malware was first discovered by researchers at F-Secure. The malware is a sophisticated piece of Android malware that can bypass two-factor authentication and steal financial data. The malware is distributed through fraudulent websites and smishing. Once installed, the malware requests permissions to overlay other apps, and access SMS messages, contact lists, and call logs. With these permissions in hand, the malware can intercept one-time passcodes (OTPs) sent via SMS for banking apps and bypass two-factor authentication.

The app can also record phone calls made to customer service in order to gain additional login credentials or other sensitive information. If you think you may have downloaded the Exobot malware, it is important to immediately uninstall any suspicious apps and change your passwords. You should also enable two-factor authentication on all accounts that support it. And finally, be sure to only download apps from trusted sources like the Google Play Store.

Two-factor authentication is bypassed by the MaliBot Android malware.

Once installed, the malware requests permissions that would normally be considered suspicious, such as access to SMS messages, contact lists, and call logs. It also requests permission to overlay other apps. With these permissions in hand, the malware can intercept one-time passcodes (OTPs) sent via SMS for banking apps and bypass two-factor authentication. The app can also record phone calls made to customer service in order to gain additional login credentials or other sensitive information.

“This is a very sophisticated piece of Android malware,” said Craig Young, a principal security researcher at Tripwire’s Vulnerability and Exposure Research Team (VERT). “The developers have put a lot of work into making it difficult to detect and analyze.”

What is two-factor authentication?

Two-factor authentication, commonly known as two-step verification, is a type of identity verification that uses two elements, such as a password and a one-time code sent to you by text message. Even if the attackers have access to your password, they’ll need access to your phone in order to log in because they’ll also need access to the location where you’re receiving the one-time code.

How to enable two-factor authentication.

If you are not already using two-factor authentication, it is important to enabling it on all accounts that support it. Two-factor authentication is an extra layer of security that can protect your online accounts from being hacked. To enable two-factor authentication, you will need to log into your account and go to the security settings. From there, you will need to generate a one-time code that is sent to you via SMS or generated by an app. Once you have the code, you will enter it when prompted in order to log in. It is important to note that you should only use apps from trusted sources like the Google Play Store when generating one-time codes.

Bottom line

The Exobot malware is a sophisticated piece of Android malware that can bypass two-factor authentication and steal financial data. If you think you may have downloaded the Exobot malware, it is important to immediately uninstall any suspicious apps and change your passwords. You should also enable two-factor authentication on all accounts that support it. And finally, be sure to only download apps from trusted sources like the Google Play Store.

Natalie Werner
Natalie Werner is a freelance writer, CISSP & CCSK Certified Cybersecurity specialist with over 20 years of experience in the banking industry. She's also co-founder and CEO at The Alliance for Cyber Security Excellence (The ACE), an international not -for profit organization that provides cyber security solutions to reduce risk exposure from threats like hacks or malware infections by bringing together trusted experts across various fields, including information technology (IT). As well as providing specialized operational courses on how to maintain your digital assets within IT domains such data protection, Natalie offers strategic training designed help organizations better understand their own business needs when it comes down to protecting against external risks brought about through technological advances

Related Articles

Android Apps with Malware Found on Play Store

If you have an Android phone, be careful about...

GTA Group Publishes Findings on Hermit Malware

Google Threat Analysis Group (TAG) has recently published findings...