The cybersecurity community has found a new banking trojan designed to target Italy and Spain. The highly sophisticated malware is capable of stealing victims' account credentials and bypassing two-factor authentication.
In this way, the malware can access the apps of some of the major European banks and easily perform banking transactions, draining the victim’s checking account.
The malware, nicknamed MaliBot, was identified by the F5 Labs team. Among other things, MaliBot can also exploit the Android Accessibility Service, which allows attackers to spy on the victim’s smartphone screen, giving them a complete view of the user’s private life.
MaliBot is mainly distributed inside a few bogus cryptocurrency mining applications, including Mining X and The Crypto App (not to be confused with the app of the same name distributed in the Play Store). These apps are distributed via direct download of the APK through the browser.
Researchers at F5 Labs traced the malware’s command-and-control server and located it in Russia. The malware reportedly uses the same servers already detected during analysis of the Sality malware. “It is an extremely modified version of a malware formerly known as SOVA, but differs in some functions and in its purposes,” F5 Labs writes in a note.
The list of banks targeted by this trojan is relatively long and includes UniCredit, Santander, CaixaBank and CartaBCC.
Source: Lega Nerd
