- Phishing Websites Impersonate Trusted Brands to Deceive Users
- Advanced obfuscation techniques evade traditional security measures
- Real-time detection is crucial to defending mobile security, experts warn
A coordinated mobile malware campaign targeting financial institutions around the world has been uncovered, experts have warned.
Zimperium’s zLabs research team found that the campaign leveraged two dangerous malware families, Gigabud and Spynote, to compromise mobile devices and target banking applications.
More than 50 mobile financial applications, including 40 banks and 10 cryptocurrency platforms, have been the target of this sophisticated malware campaign.
Global malware campaign
While Gigabud mainly focuses on stealing banking app credentials through phishing websites and malicious apps, Spynote allows attackers to take full control of infected devices and is capable of stealing data, recording media, tracking locations, and monitoring devices remotely.
Domains distributing Gigabud were also found to spread Spynote, pointing to a large-scale, coordinated effort to exploit mobile device vulnerabilities. Together, these malware strains pose a serious risk to personal and corporate data and reflect a more complex mobile cyber threat.
The reach of the campaign is global and affects financial institutions in several countries: Zimperium discovered 11 command and control servers and 79 phishing websites impersonating brands such as Ethiopia Airlines, Vietnamese financial platforms, popular electronic trading sites and even government services.
Attackers have specifically targeted mobile banking applications to gain unauthorized access to sensitive information, including login credentials, banking details, and transaction histories.
The Gigabud – Spynote campaign uses advanced obfuscation techniques to evade traditional security measures. The malware is packaged with Virbox, a tool designed to hide malicious code, making it difficult for traditional detection methods to identify and analyze the malware.
Although the campaign primarily targets consumer-focused mobile banking apps, the level of access Gigabud and Spynote achieve raises concerns about corporate security. Many users have personal and work apps on the same mobile devices, so if a personal device is compromised, sensitive corporate apps and data, including credentials and two-factor authentication methods, could also be at risk.
Given the global scale of this campaign and the heavy focus on financial applications, Zimperium urges both consumers and organizations to take immediate steps to protect themselves.
Companies should ensure they have real-time on-device mobile security measures in place that can detect and stop advanced threats. Educating employees about the risks of downloading apps from unofficial sources, clicking on suspicious links, and granting unnecessary permissions is also crucial to mitigating the risks of mobile malware.
“The connection between Gigabud and Spynote demonstrates the increasing complexity of mobile malware attacks. Our latest research highlights the critical importance of real-time on-device detection to protect against these rapidly evolving threats,” said Nico Chiaraviglio, Chief Scientist at Zimperium.