Gigabud RAT: New Android RAT Masquerading as Government Agencies

[silversurfer]

Content source

https://blog.cyble.com/2023/01/19/gigabud-rat-new-android-rat-masquerading-as-government-agencies/

Cyble Research & Intelligence Labs (CRIL) discovered a phishing website that was impersonating the genuine Thai Airline – Thai Lion Air, and tricking victims into downloading a malicious application.

The downloaded malicious application is a Remote Access Trojan (RAT) which receives commands from the Command and Control (C&C) server and performs various actions. The RAT has advanced features such as screen recording and abusing the Accessibility Service to steal banking credentials.

During our investigation of the RAT, we discovered that the certificate used to sign this malicious application was found in more than 50 similar malicious samples that use the same source code. These samples posed as government agencies, shopping apps, and banking loan applications from Thailand, the Philippines, and Peru.

Gigabud RAT: New Android RAT Masquerading as Government Agencies

CRIL analyzes Gigabud RAT, the latest Android malware posing as a government agency to steal sensitive information.

blog.cyble.com

 

[Zero Knowledge]

Ahh Android. Malware loves you! The problem is if you allow sideloading of apps and don't police the Google Play store you will get malware infections.

And what does Google Play Protect do if we are getting all these malware infections on Android? They really need to improve it and give it some teeth.

 

[upnorth]

what does Google Play Protect do if we are getting all these malware infections on Android? They really need to improve it and give it some teeth.

Wasn't ESET implemented in Play Protect, a few years ago?

 

[Zero Knowledge]

Wasn't ESET implemented in Play Protect, a few years ago?

That's what they said back then, but it makes you wonder if ESET is used for Google Play Protect and Chrome downloads then why all the malware?

Why do we have all these trojanized flashlight and picture Android apps with backdoors? It's a mystery, it's like they don't manually check Android apps before releasing them to the Play Store. They probably (they do) just run them through an automated checking tool to check for malicious content..

From a society point of view people want the freedom to install anything and that's cool but that includes installing pirated games and apps. So.....

 

[SeriousHoax]

Ahh Android. Malware loves you! The problem is if you allow sideloading of apps and don't police the Google Play store you will get malware infections.

But this is actually true for all OS. I don't download random stuff from PlayStore but sideload some apps that I know is safe. Even used rooted Android phones for many years. Getting infected with a malware on smartphones is very tough for an average user.

 

[Andrezj]

They really need to improve it and give it some teeth.

google invests enormous amounts of resources trying to keep google play clean, but there are effective methods that get through
it just shows that the paradigm of "allow users who want to use stuff to use it" is a failed one

 

[Zero Knowledge]

But this is actually true for all OS. I don't download random stuff from PlayStore but sideload some apps that I know is safe.

That's true, but you can say that about anything 'I only use the best safety practices and don't do <insert any> random activity' then off course you won't get infected or into trouble. However, there are plenty of people who do download shady software and need protecting from themselves and don't use best practices hence the need for security protections.

 

[SeriousHoax]

That's true, but you can say that about anything 'I only use the best safety practices and don't do <insert any> random activity' then off course you won't get infected or into trouble. However, there are plenty of people who do download shady software and need protecting from themselves and don't use best practices hence the need for security protections.

Yeah, that's my point too. It's not just about the OS, it mostly depends on the user. Windows and Android give users more freedom compared to a more lockdown Apple ecosystem's OS. So it's only more logical for Windows and Android to be more vulnerable comparatively. This particular RAT was not on PlayStore. It has to be downloaded and installed. Android won't be Android anymore if for example, it loses the sideloading ability no matter how secure it will make the OS.