Android Malware Can Steal Financial Data
June 22, 2022 • security
Three years ago, the number of malware infections had increased, and new malware had been discovered. This malware could steal financial data by bypassing multi-factor authentication. Researchers at F5 Labs detected the virus, which they dubbed “Exobot.” It’s believed the virus have spread via fraudulent websites and spam email. Exobot invite users to download it, thinking it’s a popular cryptocurrency tracker.
Details of MaliBot Android malware.
Researchers at F-Secure first discovered the Exobot malware. The malware is a sophisticated malware that can bypass two-factor authentication and steal financial data. The malware is distributed through fraudulent websites and smishing. Once installed, the malware requests permissions to overlay other apps and access SMS messages, contact lists, and call logs. With these permissions in hand, the malware can intercept one-time passcodes (OTPs) sent via SMS for banking apps and bypass two-factor authentication.
Exobot can also record phone calls to customer service to gain additional login credentials or other sensitive information. If you think you may have downloaded the Exobot malware, it is important to uninstall any suspicious apps and change your passwords immediately. You should also enable two-factor authentication on all accounts that support it. And finally, be sure to only download apps from trusted sources like the Google Play Store.
The MaliBot Android malware bypasses two-factor authentication.
Once installed, the malware requests permissions that are usually considered suspicious, such as access to SMS messages, contact lists, and call logs. It also requests permission to overlay other apps. With these permissions in hand, the malware can intercept one-time passcodes (OTPs) sent via SMS for banking apps and bypass two-factor authentication. The app can also record phone calls made to customer service to gain additional login credentials or other sensitive information.
“This is a very sophisticated piece of Android malware,” said Craig Young, a principal security researcher at Tripwire’s Vulnerability and Exposure Research Team (VERT). “The developers have put a lot of work into making it difficult to detect and analyze.”
What is two-factor authentication?
Two-factor authentication, commonly known as two-step verification, is a type of identity verification that uses two elements: a password and a one-time code sent to you by text message. Even if the attackers have access to your password, they’ll need access to your phone to log in because they’ll also need access to the location where you’re receiving the one-time code.
How to enable two-factor authentication?
Two-factor authentication is an extra layer of security that can protect your online accounts from being hacked. If you are not already using two-factor authentication, enabling it on all accounts that support it is vital. To enable two-factor authentication, you must log into your account and go to the security settings. From there, you will need to generate a one-time code sent to you via SMS or an app. Once you have the code, you will enter it when prompted to log in. It is important to note that you should only use apps from trusted sources like the Google Play Store when generating one-time codes.
Bottom line
The Exobot malware is a sophisticated Android malware that can bypass two-factor authentication and steal financial data. If you think you may have downloaded the Exobot malware, it is important to uninstall any suspicious apps and change your passwords immediately. You should also enable two-factor authentication on all accounts that support it. And finally, be sure to only download apps from trusted sources like the Google Play Store.
security
admin is a senior staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.