- Phishing Websites Impersonate Trusted Brands to Deceive Users
- Advanced obfuscation techniques evade traditional security measures
- Real-time detection is crucial for defending mobile security, experts warn
A coordinated mobile malware campaign has been discovered targeting financial institutions around the world, experts have warned.
Zimperium’s zLabs research team discovered that the campaign exploited two dangerous malware families, Gigabud and Spynote, to compromise mobile devices and target banking apps.
More than 50 financial mobile apps, including 40 banks and 10 cryptocurrency platforms, were targeted by this sophisticated malware campaign.
Global Anti-Malware Campaign
While Gigabud mainly focuses on stealing banking app credentials through phishing websites and malicious apps, Spynote allows attackers to take full control of infected devices and is capable of stealing data, recording media, tracking locations, and controlling devices remotely.
Domains distributing Gigabud were also found to be spreading Spynote, indicating a large-scale, coordinated effort to exploit vulnerabilities in mobile devices. Together, these malware strains pose a serious risk to personal and corporate data, signaling a more complex mobile cyber threat.
The campaign’s reach is global, affecting financial institutions in multiple countries, as Zimperium discovered 11 command and control servers and 79 phishing websites impersonating brands such as Ethiopian Airlines, Vietnamese financial platforms, popular e-commerce sites and even government services.
Attackers specifically targeted mobile banking apps to gain unauthorized access to sensitive information, including login credentials, banking details and transaction history.
The Gigabud – Spynote campaign uses advanced obfuscation techniques to evade traditional security measures. The malware is packaged using Virbox, a tool designed to conceal malicious code, making it more difficult for the malware to be identified and analyzed by traditional detection methods.
Although the campaign primarily targets consumer-facing mobile banking apps, the level of access achieved by Gigabud and Spynote raises concerns about corporate security. Many users have personal and work apps on the same mobile devices. So, if a personal device is compromised, sensitive company applications and data, including credentials and two-factor authentication methods, could also be at risk.
Given the global scale of this campaign and the focus on financial applications, Zimperium urges consumers and organizations to take immediate steps to protect themselves.
Businesses should ensure they have real-time mobile security measures on their devices that can detect and stop advanced threats, and they should educate their employees about the risks of downloading apps from unofficial sources, clicking on suspicious links and granting unnecessary permissions, which is crucial to mitigating mobile malware risks.
“The connection between Gigabud and Spynote demonstrates the growing complexity of mobile malware attacks. Our latest research highlights the critical importance of real-time on-device detection to protect against these rapidly evolving threats,” noted Nico Chiaraviglio, Chief Scientist at Zimperium.