Gigabud RAT is a sneaky Android banking malware

We reported on a number of different malware programs out there, and unfortunately, we have another such report. This time around we’re talking about Gigabud RAT, a sneaky Android banking malware.

Gigabud RAT is a rather new banking malware which can cause serious financial damage

At the moment, it’s targeting accounts holders over numerous financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru. It could spread to other countries, though.

This malware does things a bit differently than most other banking malware we’ve come across. It doesn’t execute any malicious actions until the user is authorized into the malicious application. That sheer fact makes it very, very difficult to detect. This info comes from Group-IB researchers.

This malware does not go for HTML overlay attacks, like most others. Instead, it “gathers sensitive information primarily through screen recording”.

Gigabud RAT is a rather new malware. It was first documented by Cyble back in January this year. Back then, it was impersonating bank and government apps to get sensitive data. It seems to have been operational since July 2022, though.

There is also a second version of this malware called ‘Gigabud.Loan’

There is also a second variant of this malware referred to as Gigabud.Loan. That particular malware disguises itself as loan applications. It lures users to file for a low-interest loan via a scam app. That way, it can gather all the info it needs.

TheHackerNews notes that both versions of this malware spread to users via phishing websites. Those links usually end up being delivered to users via SMS messages, or via social media. Gigabud.Load also gets pushed out in the wild in the form of APK files through WhatsApp.

As we always say, be very careful when it comes to unknown links that look suspicious, and also install apps from unknown sources. Your last line of defense are permissions on your Android phone. Make sure you grant permissions only to apps you trust, and be wary of what permissions you grant them as well.