Zimperium Identifies Coordinated Mobile Malware Campaign Targeting Banking Apps Worldwide

What: Zimperium, the global leader in mobile security, has uncovered new, critical insights into the Gigabud malware campaign, linking it to the notorious Spynote Android RAT. The campaign was first reported by Cyble in August 2024; Zimperium’s zLabs investigation reveals that this well-coordinated global campaign uses phishing websites intended to get users to install malicious mobile apps purporting to be from financial institutions. Gigabud manipulates users into granting sensitive permissions, leading to fraudulent transactions, while Spynote enables attackers to take full control of infected devices. This coordinated effort between Gigabud and Spynote signals a heightened threat level in mobile-focused cyber attacks, and not just for consumers: a compromised device also poses substantial risk if it is used for corporate applications.

Key Points:

  • Connected Threats: zLabs research shows a strong overlap between Gigabud and Spynote malware families. Domains spreading Gigabud also distributed Spynote, suggesting a coordinated effort by a single threat actor. While Spynote allows attackers to remotely control devices, steal data, record media, and track locations, Gigabud focuses on banking app credential theft. This connection signals a broader and more coordinated threat.
  • Global Targets: The campaign impacts financial institutions worldwide, with phishing websites impersonating major airlines, e-commerce platforms, and government services. Zimperium identified 11 command-and-control servers and 79 phishing sites mimicking trusted brands, like Ethiopian Airlines and Vietnamese loan sites. These sites trick users into downloading malicious mobile apps or granting extensive permissions, giving attackers full mobile device access.
  • New Focus: New findings suggest a shift in the threat actor’s focus from government impersonations to directly targeting financial institutions. zLabs researchers found that over 50 financial mobile apps, including more than 40 banks and 10 cryptocurrency platforms, were specifically targeted in this campaign.
  • Advanced Obfuscation: The malware is protected by Virbox, a packer that complicates detection and analysis. This advanced obfuscation technique allows the malware to evade traditional defenses, increasing the threat’s effectiveness.

Why It Matters: The coordination between Gigabud and Spynote illustrates a significant escalation in mobile-targeted malware campaigns, with threat actors targeting financial institutions globally. The campaign’s scope, use of phishing websites to promote malicious mobile apps, and advanced obfuscation techniques make it difficult for traditional defenses to detect and stop the attacks.

While this campaign initially targets consumer-focused banking apps, given the sophistication of the malware and spyware being loaded onto the mobile device, it is not unreasonable to suspect that an employer’s corporate applications and data on the same device could also be compromised, including through credential theft, OTP hijacking and corporate network infiltration.

Organizations must prioritize real-time, on-device mobile security measures.

Call to Action: Given the scale and coordination of this campaign, Zimperium urges organizations to assess and fortify their mobile security defenses to counter this evolving threat.
