Gigabud RAT Android Banking Malware Targets Institutions Across Countries
2023-08-15 10:15

Gigabud RAT was first documented by Cyble in January 2023 after it was spotted impersonating bank and government apps to siphon sensitive data.

While Android devices have the "Install from Unknown Sources" setting disabled by default as a security measure to prevent the installation of apps from untrusted sources, the operating system allows other apps installed on the device, such as web browsers, email clients, file managers, and messaging apps, to request the "REQUEST_INSTALL_PACKAGES" permission.

On top of that, the agency has cautioned that cybercriminals are embedding nefarious code in mobile beta-testing apps masquerading as legitimate cryptocurrency investment apps to defraud potential victims by facilitating the theft of personally identifiable information and financial account data.

"Cyber criminals often use phishing or romance scams to establish communications with the victim, then direct the victim to download a mobile beta-testing app housed within a mobile beta-testing app environment, promising incentives such as large financial payouts."

In these schemes, threat actors contact potential victims on dating and social networking apps and build trust with the ultimate aim of enticing them into downloading pre-release versions of the apps.

Recent waves of the campaign, also called CryptoRom, have weaponized Apple's enterprise and developer ad-hoc app distribution schemes to deliver bogus crypto apps in a bid to slip past restrictions that prevent users from downloading iOS apps outside of the App Store.


News URL

https://thehackernews.com/2023/08/gigabud-rat-android-banking-malware.html