Security firm Zimperium has released important new information about the Gigabud malware campaign, which is directly linked to the Spynote spyware. These two malware programs targeting Android users are at the heart of a carefully orchestrated global campaign.
The double attack of Gigabud and Spynote
Experts from zLabs, the research arm of Zimperium, discovered that this operation relies on phishing sites imitating financial institutions to trick users into downloading malicious applications. Once installed, these apps allow hackers to take control of infected devices and carry out fraudulent transactions.
Gigabud malware specifically targets banking users, extracting credentials from them via spoofed apps. Spynote, on the other hand, gives hackers full control over infected devices, allowing data theft, media recording, and even geolocation of victims.
This dual threat, combined with a sophisticated phishing distribution strategy, significantly raises the risk level for individual users and businesses whose data could be compromised via shared devices.
According to Zimperium’s research, this campaign is affecting financial institutions across the world, particularly in Africa and Asia. The phishing sites are imitating well-known brands such as Ethiopian Airlines and lending platforms in Vietnam, tricking users into downloading corrupted applications.
Once installed, these apps request sensitive permissions that allow the malware to take control of devices. Zimperium has identified at least 79 phishing sites and 11 command-and-control servers linked to this operation.
zLabs experts have also observed a change in the methods of cybercriminals. While phishing campaigns initially targeted government services, attacks are now focusing on financial institutions. More than 50 financial applications, including cryptocurrency platforms, have been targeted.
Another alarming factor is the use of an advanced protection tool, Virbox, which allows this malware to evade traditional defense systems. This obfuscation complicates detection and analysis of the malware, reinforcing the effectiveness of the campaign. “Gigabud, Spynote Link Shows Escalation of Mobile Malware Attacks,” explains Nico Chiaraviglio, scientific director at Zimperium.
If an infected personal device is used to access corporate applications, attackers could potentially steal credentials, hijack one-time passwords (OTPs), and infiltrate corporate networks. The impact on businesses can be significant, ranging from compromised sensitive data to major financial losses.
Zimperium therefore calls on organizations to strengthen their mobile defense by adopting real-time security measures directly on devices.