Gigabud RAT: New Android RAT Masquerading as Government Agencies

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,123
Cyble Research & Intelligence Labs (CRIL) discovered a phishing website that was impersonating the genuine Thai Airline – Thai Lion Air, and tricking victims into downloading a malicious application.

The downloaded malicious application is a Remote Access Trojan (RAT) which receives commands from the Command and Control (C&C) server and performs various actions. The RAT has advanced features such as screen recording and abusing the Accessibility Service to steal banking credentials.

During our investigation of the RAT, we discovered that the certificate used to sign this malicious application was found in more than 50 similar malicious samples that use the same source code. These samples posed as government agencies, shopping apps, and banking loan applications from Thailand, the Philippines, and Peru.
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
Ahh Android. Malware loves you! The problem is if you allow sideloading of apps and don't police the Google Play store you will get malware infections.

And what does Google Play Protect do if we are getting all these malware infections on Android? They really need to improve it and give it some teeth.
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
Wasn't ESET implemented in Play Protect, a few years ago?
That's what they said back then, but it makes you wonder if ESET is used for Google Play Protect and Chrome downloads then why all the malware?

Why do we have all these trojanized flashlight and picture Android apps with backdoors? It's a mystery, it's like they don't manually check Android apps before releasing them to the Play Store. They probably (they do) just run them through an automated checking tool to check for malicious content..

From a society point of view people want the freedom to install anything and that's cool but that includes installing pirated games and apps. So.....
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,630
Ahh Android. Malware loves you! The problem is if you allow sideloading of apps and don't police the Google Play store you will get malware infections.
But this is actually true for all OS. I don't download random stuff from PlayStore but sideload some apps that I know is safe. Even used rooted Android phones for many years. Getting infected with a malware on smartphones is very tough for an average user.
 

Andrezj

Level 6
Nov 21, 2022
248
They really need to improve it and give it some teeth.
google invests enormous amounts of resources trying to keep google play clean, but there are effective methods that get through
it just shows that the paradigm of "allow users who want to use stuff to use it" is a failed one
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
But this is actually true for all OS. I don't download random stuff from PlayStore but sideload some apps that I know is safe.
That's true, but you can say that about anything 'I only use the best safety practices and don't do <insert any> random activity' then off course you won't get infected or into trouble. However, there are plenty of people who do download shady software and need protecting from themselves and don't use best practices hence the need for security protections.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,630
That's true, but you can say that about anything 'I only use the best safety practices and don't do <insert any> random activity' then off course you won't get infected or into trouble. However, there are plenty of people who do download shady software and need protecting from themselves and don't use best practices hence the need for security protections.
Yeah, that's my point too. It's not just about the OS, it mostly depends on the user. Windows and Android give users more freedom compared to a more lockdown Apple ecosystem's OS. So it's only more logical for Windows and Android to be more vulnerable comparatively. This particular RAT was not on PlayStore. It has to be downloaded and installed. Android won't be Android anymore if for example, it loses the sideloading ability no matter how secure it will make the OS.
 
  • Like
Reactions: silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top