Check Point Research (CPR), the Threat Intelligence division of Check Point Software Technologies, has identified the emergence of a new mobile banking malware for Android, called MaliBot, following the removal of FluBot in late May. The cybersecurity solutions provider announced the discovery in its Global Threat Index for June 2022.

Although newly discovered, MaliBot, a banking malware, has already reached number three on the list of most prevalent mobile malware. It masquerades as cryptocurrency mining apps with different names and targets mobile banking users to steal financial information.

Similar to FluBot, MaliBot uses phishing SMS messages (also called smishing) to lure victims into clicking a malicious link that will redirect them to download a fake application containing the malware.

Check Point Research recalls that successful law enforcement actions brought down the cybercrime gangs that used FluBot in the past. Unfortunately, it didn’t take long for a new mobile malware to take its place, as is the case with MaliBot.

According to the researchers, cybercriminals are well aware of the central role that mobile devices play in people’s lives and are always adapting and improving their tactics to match this. This puts those who use their device for mobile banking at risk.

Top mobile malware

Check Point’s Global Threat Index ranks the malware most used by cybercriminals. In June, AlienBot was the most prevalent mobile malware, followed by Anubis and the new MaliBot banking malware.

AlienBot: the AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, as a first step, to inject malicious code into legitimate financial applications. The attacker gains access to victims’ accounts and eventually completely controls the device.

Anubis: a banking Trojan designed for Android smartphones. Since it was initially detected, it has gained additional functions including Remote Access Trojan (RAT) functionality, a keylogger, audio recording features, and various ransomware features. It has been detected in hundreds of different apps available on the Google Store.

MaliBot: an Android banking malware that was detected targeting users in Spain and Italy. This malware disguises itself as cryptocurrency mining apps with different names and focuses on stealing financial information, cryptocurrency wallets and more personal data.

Check Point Software’s Global Threat Index and its ThreatCloud map are powered by the company’s ThreatCloud intelligence, a collaborative network that delivers real-time threat intelligence from millions of sensors around the world, across networks, endpoints and mobile devices. Intelligence is enriched with AI-powered engines and unique research data from the Check Point Research (CPR) division.

Virus for Android is identified in apps on Google Play

Another piece of malware that Android users need to be concerned about was recently found in an analysis by ESET, a cyber threat detection company. This is Joker, also known as Bread, which has been active since 2017 and stands out for its ability to bypass Google Play’s security mechanisms and reach the official Android store under different types of applications.

This malware, categorized as spyware, intercepts SMS messages reaching a victim’s device, subscribes to premium services and spreads unwanted advertising. Between April and June 2022, several applications were removed from Google Play after complaints that they contained this type of trojan.

One of the last apps to be removed from the platform was the PDF Reader Scanner, which had already been downloaded by more than five thousand users. According to ESET data, variants of this malware were found hidden in this application in several countries, including in Latin America.

On Twitter, dozens of malicious apps have been reported in recent months, some registering up to 10,000 downloads. One of the reasons Joker continues to break through Google Play’s security barriers is that cybercriminals have been looking for new techniques.