This is Malibot
Malibot is malware created to steal passwords from our mobile devices. It arrives through smishing: an SMS carries a link that looks legitimate but is in reality nothing more than the route to downloading the malware. This is how it reaches the phone, and how most users fall into its clutches practically without realizing it.
The fraudulent SMS messages take us to websites designed to make us think they are legitimate sites, usually impersonating large companies. But what we are actually downloading is malware. In addition, some of these fraudulent websites impersonate services such as cryptocurrency wallets or pages that claim to specialize in the valuation of these virtual currencies.
Logically, this has great drawing power, especially for users who hold significant amounts of cryptocurrency or similar assets. They are lured in this way so that they can be deceived into loading Malibot onto their devices, a malware specialized precisely in stealing all of these people's data. But the researchers have found that this is not the only audience being sought: Spanish and Italian bank customers are also being attacked, and they warn that this could be only the beginning, with many more regions and victims reached later.
An elusive malware
As with so much malware, this one seeks above all to be granted permissions that let it fully enter the phone and take control if necessary. Those who download it without realizing end up granting it both accessibility and launcher permissions. This gives the hackers the opportunity to take control of the phone, and therefore access to all the sensitive information on it, which can end up being very valuable.
We are talking, for example, about the theft of passwords and stored data related to banking, as well as control of the phone in order to extort money from the victim and get them to collaborate by providing new information of value, so as to have a little more cover with the victim. Worst of all, this malware is able to bypass the two-step verification of some services. To do this, it uses the accessibility permissions to make the victim believe that nothing is happening while, in the background, the hackers press "yes" on the prompt asking whether we have logged in on another device. In this way authentication is circumvented in the background, which makes the malware especially dangerous.