New MaliBot Android Banking Malware Spreads as a Crypto Miner


Level 37
Thread author
Top Poster
Feb 4, 2016
Cybersecurity researchers have discovered a new Android banking malware named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain.
MaliBot focuses on stealing financial information such as e-banking service credentials, crypto wallet passwords, and personal details, while it’s also capable of snatching two-factor authentication codes from notifications.

According to a report by F5 Labs, whose analysts discovered the new malware, it’s currently using multiple distribution channels, likely aiming to cover the market gap created by the sudden shutdown of the FluBot operation.

Fake crypto-apps​

Malibot’s command and control server is based in Russia, and its IP has been associated with several malware distribution campaigns dating as far back as June 2020.

The distribution of MaliBot takes place via websites that promote cryptocurrency applications in the form of APKs that victims download and install manually.
The sites that push these files are clones of real projects like TheCryptoApp, which has over a million downloads on the Google Play Store.

In another campaign, the malware is pushed as an app called Mining X, and the victims are tricked into scanning a QR code to download the malicious APK file.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.