- Phishing websites impersonate trusted brands to deceive users
- Advanced obfuscation techniques bypass traditional security measures
- Real-time detection is critical to mobile security defenses, experts warn
A coordinated mobile malware campaign has been found targeting financial institutions worldwide, experts have warned.
Zimperium’s zLabs research team found that the campaign leveraged two dangerous malware families, Gigabud and Spynote, to compromise mobile devices and target banking apps.
More than 50 financial mobile apps, including 40 banks and 10 cryptocurrency platforms, have been targeted in this sophisticated malware campaign.
Global Malware Campaign
While Gigabud primarily focuses on stealing banking app credentials through phishing websites and malicious apps, Spynote allows attackers to take full control of infected devices and is able to steal data, record media, track locations and remotely control devices.
Domains distributing Gigabud were also found to spread Spynote, indicating a coordinated, large-scale effort to exploit vulnerabilities on mobile devices. Together, these malware strains pose a serious risk to both personal and corporate data, signaling a more complex mobile cyber threat.
The campaign’s reach is global, affecting financial institutions in several countries, as Zimperium discovered 11 command-and-control servers and 79 phishing websites impersonating brands such as Ethiopian Airlines, Vietnamese financial platforms, popular e-commerce sites and even government services.
The attackers have specifically targeted mobile banking apps to gain unauthorized access to sensitive information, including login details, bank details and transaction history.
The Gigabud-Spynote campaign uses advanced obfuscation techniques to bypass traditional security measures. The malware is packaged using Virbox, a tool designed to hide malicious code, making it more difficult for traditional detection methods to identify and analyze the malware.
Although the campaign is primarily aimed at consumer-focused mobile banking apps, the level of access achieved by Gigabud and Spynote raises concerns about corporate security. Many users have both personal and work-related applications on the same mobile devices, so if a personal device is compromised, sensitive business applications and data, including credentials and two-factor authentication methods, may also be at risk.
Given the global scope of this campaign and the heavy focus on financial apps, Zimperium urges both consumers and organizations to take immediate steps to protect themselves.
Companies must ensure they have real-time on-device mobile security measures capable of detecting and stopping advanced threats. Educating employees about the risks of downloading apps from unofficial sources, clicking on suspicious links, and granting unnecessary permissions is also critical to reducing the risk of mobile malware.
“The connection between Gigabud and Spynote demonstrates the growing complexity of mobile malware attacks. Our latest research highlights the critical importance of real-time, on-device detection to protect against these rapidly evolving threats,” noted Nico Chiaraviglio, Chief Scientist at Zimperium.