MaliBot can steal screenshots, intercept notifications and SMS messages, log boot operations, and provide its operators with remote control capabilities using a VNC system.
Through VNC, the operators can navigate between screens, scroll, take screenshots, copy and paste content, swipe, and perform long presses. In addition, the malware is capable of stealing MFA codes from Google Authenticator, and it can do so on demand, launching the authentication app without the involvement of the user.
MaliBot is primarily concerned with collecting personal information and financial data such as credentials for online banking services, passwords for cryptocurrency wallets, and other sensitive information. It is also capable of obtaining two-factor authentication tokens from notifications.
According to research published by F5 Labs, whose analysts uncovered the new malware, it is now making use of several distribution routes, most likely with the intention of filling the market vacuum that was left when the FluBot operation was abruptly shut down.
MaliBot is most obviously a threat to customers of Spanish and Italian banks, but we can expect a broader range of targets to be added to the app as time goes on. In addition,