This new Android malware bypasses multi-factor authentication to steal your passwords

A newly discovered form of Android malware steals passwords, bank details and cryptocurrency wallets from users – and it does so by bypassing multi-factor authentication protections. 

The malware has been detailed by cybersecurity researchers at F5 Labs, who’ve dubbed it MaliBot. It’s the latest in a string of powerful malware targeting Android users

In addition to remotely stealing passwords, bank details and cryptocurrency wallets, MaliBot can access text messages, steal web browser cookies and can take screen captures from infected Android devices. It can also get around multi-factor authentication (MFA) – one of the key cybersecurity defences people can use to protect themselves against cyber criminals. 

Like many Android malware threats, MaliBot is distributed by sending phishing messages to users’ phones via SMS text messages (smishing) or attracting victims to fraudulent websites. In both cases, victims are encouraged to clink on a link, which downloads malware to their phone. 

So far, researchers have found two malicious websites used to distribute MaliBot – one is a fake version of a legitimate cryptocurrency tracker app with more than a million downloads from the Google Play Store.

After being downloaded MaliBot covertly asks the victim to grant accessibility and launcher permissions it requires to monitor

Read More: