The Gigabud RAT Android banking malware has emerged as a significant threat, targeting numerous financial institutions across countries including Thailand, Indonesia, Vietnam, the Philippines, and Peru. Notably, Gigabud RAT does not execute any malicious actions until a fraudster has authorized the user in the malicious application, which makes detection more challenging.
Gigabud RAT gathers sensitive information through screen recording rather than HTML overlay attacks, which sets it apart from conventional methods. Cyble first documented Gigabud RAT in January 2023, with activities dating back to at least July 2022.
Additionally, a variant known as Gigabud.Loan has been identified, masquerading as a loan application and luring victims into providing personal data under the pretext of obtaining low-interest loans.
Both versions of the malware are propagated through phishing websites, SMS, and messaging platforms like WhatsApp. Furthermore, Gigabud RAT leverages accessibility services permissions to capture screens, log keystrokes, replace bank card numbers, and perform automated fund transfers. Meanwhile, Gigabud.Loan collects various personal details, including full name, identity number, bank card information, and more.
Separately, and unrelated to Gigabud, 43 rogue apps have been discovered on the Google Play Store that display ads even when the device’s screen is off. McAfee revealed that these apps seek permission to draw over other apps, potentially leading to further malicious activities such as loading ads in the background and displaying phishing pages.
Additionally, the U.S. Federal Bureau of Investigation (FBI) has issued warnings about scammers pretending to offer recovery and tracing services for victims of cryptocurrency investment scams. The agency highlighted instances where cybercriminals embedded nefarious code in mobile beta-testing apps to steal personal information and financial data from unsuspecting victims.