- Aug 17, 2014
- 11,196
Cyble Research & Intelligence Labs (CRIL) discovered a phishing website that was impersonating the genuine Thai Airline – Thai Lion Air, and tricking victims into downloading a malicious application.
The downloaded malicious application is a Remote Access Trojan (RAT) which receives commands from the Command and Control (C&C) server and performs various actions. The RAT has advanced features such as screen recording and abusing the Accessibility Service to steal banking credentials.
During our investigation of the RAT, we discovered that the certificate used to sign this malicious application was found in more than 50 similar malicious samples that use the same source code. These samples posed as government agencies, shopping apps, and banking loan applications from Thailand, the Philippines, and Peru.
Gigabud RAT: New Android RAT Masquerading as Government Agencies
CRIL analyzes Gigabud RAT, the latest Android malware posing as a government agency to steal sensitive information.
blog.cyble.com