Gigabud banking malware dissected in recent analysis

August 17, 2023
Tags: Gigabud, Banking Malware, Android, Mobile Trojan, Data Exfiltration, Phishing

Researchers have published a detailed analysis of the notorious Gigabud banking malware. According to earlier reports, it first surfaced in September 2022 as an Android Remote Access Trojan (RAT), and its campaigns have compromised customers of numerous financial organisations in the Asia-Pacific region.

The researchers say they began dissecting the malware's distinctive modus operandi shortly after obtaining a sample, by which point its operators were already causing significant damage to financial institutions.


The Gigabud banking malware uses a technique that makes it hard to detect.


The analysis shows that Gigabud does not behave like a conventional payload. It does not start its malicious activity immediately after installation; instead, it waits until the victim has authorised it by granting the access it requests. Because nothing malicious happens until that point, the malware shows little suspicious behaviour during automated or sandbox analysis, which makes it harder to detect.

The RAT also performs HTML overlay attacks (fake login screens drawn over legitimate banking apps) and harvests sensitive information by recording the screen. Together, these capabilities make Gigabud an effective remote device access tool that gives its operators a path into victims' accounts.

Furthermore, the RAT lets its operators perform gestures on the compromised device. This can be used to click through security prompts, get past authentication steps, and automate payments from the victim's device.
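The three capabilities described above map to declarations an analyst can look for in an app's manifest: overlays need the SYSTEM_ALERT_WINDOW permission, screen recording through MediaProjection needs a media-projection foreground service (the FOREGROUND_SERVICE_MEDIA_PROJECTION permission is mandatory only for apps targeting Android 14 and later, so older targets need dynamic analysis to confirm it), and remote gestures need an AccessibilityService, which is declared as a service guarded by BIND_ACCESSIBILITY_SERVICE. The Python script below is an added example, not part of the original analysis and not derived from any Gigabud sample; it triages a decoded AndroidManifest.xml (as produced by apktool) for that capability mix. The two manifests are constructed for the example, and the permission-to-capability mapping and scoring weights are assumptions of this example based on the standard Android permission model.

```python
"""Triage a decoded AndroidManifest.xml for the overlay + screen-capture + gesture mix.

Added example; the manifests below are constructed, and the weights are illustrative.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Capability -> manifest permissions that enable it (standard Android model).
CAPABILITY_PERMISSIONS = {
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    # Only visible in the manifest for apps targeting Android 14+.
    "screen_capture": {"android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"},
    "sms_access": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "sideload": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}
# Assumed weights; tune against your own benign/malicious corpus.
WEIGHTS = {"overlay": 2, "screen_capture": 2, "gestures": 3, "sms_access": 1, "sideload": 1}
COMBO_BONUS = 3  # overlay + gestures together is the remote-control pattern

# Constructed sample: a loan app requesting the full capability mix.
SUSPECT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.loanapp">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
    <application android:label="Loan">
        <service android:name=".AccService"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed sample: an ordinary network-only app.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.weather">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <application android:label="Weather"/>
</manifest>
"""


def parse_manifest(xml_text):
    """Return (set of requested permissions, whether an AccessibilityService is declared)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    accessibility = any(
        s.get(ANDROID_NS + "permission") == BIND_ACCESSIBILITY for s in root.iter("service")
    )
    return perms, accessibility


def assess_manifest(xml_text):
    """Score the manifest and return the capabilities found, the score and a verdict."""
    perms, accessibility = parse_manifest(xml_text)
    found = {cap: bool(perms & needed) for cap, needed in CAPABILITY_PERMISSIONS.items()}
    found["gestures"] = accessibility
    score = sum(WEIGHTS[cap] for cap, hit in found.items() if hit)
    if found["overlay"] and found["gestures"]:
        score += COMBO_BONUS
    verdict = "high" if score >= 6 else "medium" if score >= 3 else "low"
    return {"capabilities": found, "score": score, "verdict": verdict}


if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        result = assess_manifest(manifest)
        print(label, result["verdict"], result["score"], result["capabilities"])
```

Treat the result as a triage signal rather than a verdict: legitimate screen readers, remote-support and some password-manager apps declare the same combination, and an app that targets an older Android release can still record the screen without the media-projection permission appearing in its manifest.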

Further investigation uncovered a second variant in the Gigabud family. Gigabud RAT targets businesses and institutions in several countries, mostly by impersonating trusted organisations, while the second campaign, Gigabud Loan, poses as a fake financial institution and tricks users into handing over sensitive data through loan apps.

The researchers also noted that the loan app presents itself as a legitimate financial institution based in Peru, Thailand, or Indonesia.

Recent reports also show that the operators distribute the malware through phishing websites targeting users in several countries, including the Philippines, Indonesia, Vietnam, Thailand, and Peru.

The attackers spread links to these sites through smishing and similar lures over chat apps, SMS, and social media. Victims are then prompted to visit phishing websites that claim to handle tax audits and refunds, where the malicious app is delivered.

The researchers recommend that financial firms monitor customer sessions for signs of remote control, run awareness campaigns, and deploy security tools capable of detecting Gigabud. Users should avoid clicking risky links and installing apps from outside official stores to prevent such attacks.
