F5 Labs recently announced the discovery of a new strain of mobile device malware dubbed "MaliBot". This particular malware only affects Android phones, but infection results in the phone being completely compromised. Attackers can use that phone to send and receive SMS messages, steal financial information and cryptocurrency wallets, and, perhaps most alarmingly, interact with Multi-Factor Authentication (MFA) apps like Google Authenticator to access otherwise protected accounts.
Though this caliber of malware is rare, it is not exactly novel. Other malware, such as GrayKey and Karma, has been used to spy on and interact with unsuspecting users' mobile phones in the past. Still, extra care should be taken with MaliBot actively infecting Android phones.
There are two primary ways MaliBot infects a phone:
The end user is tricked into installing the malware, which masquerades as a legitimate app called TheCryptoApp. The user visits a malicious website that directs them to download the malware rather than the legitimate app from the Google Play Store.
The end user receives a text message with a malicious link to install the app. Because the malware can send and receive text messages from infected phones, an infected phone might send the malicious link to friends and family in the Contacts list, increasing the likelihood of an unsuspecting victim being infected.
As with most things in cybersecurity, an ounce of prevention is worth a pound of cure. Always be careful when installing apps or software, and use extra caution when clicking links sent to you via email or SMS (even if the links are from someone you know and trust). Make sure to only install apps from your mobile device's respective app store and keep your mobile device up to date.
If you suspect someone you know is infected, reach out to them directly through a phone call or other means, as text messages can be intercepted and deleted by advanced malware like MaliBot. If you suspect your device might be infected, please contact Go West IT and find out how we can help.