Malware continues to pose a significant threat to organizations across the globe. With cybersecurity technologies becoming more advanced, malicious actors constantly evolve their methods to stay ahead. One of the most concerning examples of this evolution is the Gigabud Trojan, a malware that has made headlines due to its widespread impact.
Designed to capture banking app login credentials and sensitive financial information, Gigabud is a serious threat. When combined with other malware such as the Spynote Android Remote Access Trojan (RAT), which gives attackers remote access to infected devices, the risk posed to individuals and organizations multiplies. Gigabud’s reach is staggering, with over 50 financial applications already compromised, including over 40 banks and 10 cryptocurrency platforms. Its deceptive nature and ability to evade detection make it one of the most dangerous malware strains in the financial sector today [1].
A Deeper Look at Gigabud
Gigabud is a sophisticated form of malware designed to break into apps and steal sensitive information such as usernames, passwords, and account details. It achieves this by discreetly recording the victim’s screen, particularly banking information, using the Accessibility Service [2]. Unlike traditional banking Trojans that use screen overlays, Gigabud’s approach leaves the user interface unchanged, making it harder to detect. Hackers spread this malware by disguising it as legitimate banking or shopping apps and using fake websites to trick victims [3].
Leading Digital Wallet Use Case
A digital wallet is an online service or mobile application that allows users to store and manage their financial information, such as credit cards, debit cards, and bank accounts. It enables secure and convenient payments for goods and services, either online or in physical stores, without the need for cash or physical cards. Users can also make peer-to-peer transfers, pay bills, and, in some cases, earn rewards. Transactions are typically completed by scanning a QR code, entering a PIN, or using biometric verification for added security.
OVO, a popular digital wallet in Indonesia, operates in this way, allowing users to pay for various services, including ride-hailing, shopping, and bill payments. However, it became a target of the Gigabud malware campaign, where users unknowingly downloaded fake versions of the OVO app or were lured into phishing sites. Once Gigabud was installed, it gained access to sensitive data like login credentials and financial information, leading to unauthorized transactions and compromising users’ accounts. This attack highlights the importance of downloading apps only from trusted sources to avoid security breaches [4].
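The two points above, Accessibility Service abuse and installation from outside trusted sources, can be combined into a simple device audit. The following is an added example, not part of the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and flags apps that hold an accessibility service but were not installed by a trusted store. The package names, sample output, and the choice of Google Play as the only trusted installer are assumptions for illustration.

```python
# Added example: flag accessibility services owned by apps from untrusted installers.
# Sample inputs below are constructed, in the format printed by:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_enabled_services(raw):
    """Return {package: [service classes]} from the colon-separated setting value."""
    services = {}
    raw = raw.strip()
    if not raw or raw == "null":  # "null" is printed when nothing is enabled
        return services
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def parse_installers(raw):
    """Return {package: installer or None} from `pm list packages -i` lines."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0]] = installer
    return installers

def flag_risky_services(services_raw, packages_raw, allowlist=frozenset()):
    """List (package, installer, services) for apps that need manual review."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg, classes in sorted(parse_enabled_services(services_raw).items()):
        installer = installers.get(pkg)
        if pkg not in allowlist and installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, installer or "unknown/sideloaded", classes))
    return findings

SAMPLE_SERVICES = ("com.example.screenreader/com.example.screenreader.ReaderService:"
                   "com.example.fakewallet/com.example.fakewallet.HelperService")
SAMPLE_PACKAGES = """package:com.example.screenreader  installer=com.android.vending
package:com.example.fakewallet  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, installer, classes in flag_risky_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"REVIEW {pkg} (installer: {installer}) services: {', '.join(classes)}")
```

Preinstalled system apps can also report no installer, so pass known-good packages through `allowlist` to keep the findings focused on user-installed apps.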
How Banks are at Risk
As more financial institutions move toward digital platforms, they become prime targets for cybercriminals.
Attacks like these can have severe consequences, not only for the affected institutions but also for the users who rely on them for secure financial transactions.
According to IBM’s 2024 “Cost of a Data Breach Report” [5], the financial industry ranks second, behind healthcare, in terms of the highest costs associated with data breaches.
Cost of a data breach by industry [5]
The financial sector is also among the top five industries most frequently targeted by cyberattacks, as highlighted in Verizon’s Data Breach Investigation Report (DBIR) [6].
Financial institutions are prime targets due to the valuable data they hold, which can be exploited in various ways, including fraud, identity theft, and other cybercrimes.
Common Cyber Threats for Banks
Several types of cyberattacks have become increasingly common in the financial sector [7]:
- Phishing: A leading cyberattack method in the financial sector where cybercriminals send fraudulent emails or DMs appearing to be from trusted sources to steal credentials or deploy malware.
- Distributed Denial of Service (DDoS) attacks: Overwhelm an organization’s systems with excessive traffic, disrupting banking services and causing financial and operational losses.
- Vulnerability exploitation: Attackers find weaknesses in a bank’s systems to steal data, disrupt services, or take over systems entirely.
- Account takeover attacks: Particularly with the rise of remote work, cybercriminals use stolen or guessed credentials to access corporate systems, leading to data theft, malware deployment, or further attacks.
Protecting Financial Institutions from Cyber Threats
Bank impersonation and scams are becoming more sophisticated, requiring financial institutions to enhance their cybersecurity measures. Cybercriminals increasingly impersonate banks to deceive customers and steal sensitive information. To combat these threats effectively, financial institutions must invest in advanced technologies such as threat detection systems to stay ahead of these evolving scams.
Eydle offers a powerful solution to combat these risks, specializing in protecting businesses from online scams that can harm their reputation. Our AI-driven technology, developed by experts from MIT, Stanford, and Carnegie Mellon, excels at detecting fake accounts, fraudulent posts, and malicious activities before they impact your organization. Eydle’s cutting-edge systems continuously monitor for potential threats, providing real-time protection and ensuring your brand remains secure from fraud. To discover how Eydle can enhance your security, visit www.eydle.com or contact us at [email protected].
Sources:
[1] https://securityonscreen.com/zimperium-gigabud-insights-sep24/
[2] https://malpedia.caad.fkie.fraunhofer.de/details/apk.gigabud
[3] https://www.group-ib.com/blog/gigabud-banking-malware/
[4] https://www.zimperium.com/blog/a-network-of-harm-gigabud-threat-and-its-associates/
[5] https://table.media/wp-content/uploads/2024/07/30132828/Cost-of-a-Data-Breach-Report-2024.pdf
[6] https://www.verizon.com/business/resources/reports/dbir/2024/industries-intro/
[7] https://www.checkpoint.com/cyber-hub/cyber-security/what-is-cyber-attack/cyberattacks-on-banks/