GhostBat RAT Malware Targets Android Users via Fake Apps

A new Android malware campaign, dubbed GhostBat RAT, is spreading through fake government transport applications. Distributed via messaging apps and malicious links, the malware uses sophisticated techniques like multi-stage droppers and heavy obfuscation to evade detection. Once installed, it presents phishing pages to steal banking credentials and UPI PINs from unsuspecting victims. The malware also exfiltrates SMS messages, targeting OTPs to facilitate unauthorized transactions, and includes a cryptocurrency mining module. Attackers manage compromised devices using a Telegram bot, which establishes a command-and-control channel for real-time monitoring.

Latest mentioned: 10-15

Earliest mentioned: 10-09

Sources

gbhackers.com gbhackers.com thecyberexpress.com securityonline.info thehackernews.com

Also Read

Airstalk Malware: Sophisticated Windows Threat Exploits MDM

Cybersecurity researchers have uncovered Airstalk, a sophisticated Windows malware family available in PowerShell and .NET variants. The malware, linked to a nation-state threat actor, uses legitimate mobile device management infrastructure for covert command-and-control communications. It targets sensitive browser credentials and employs advanced evasion techniques, including the use of a likely stolen certificate. The malware's sophisticated design suggests a well-resourced adversary with advanced capabilities. Organizations utilizing business process outsourcing services are particularly at risk due to the malware's supply chain attack vector.

10-31Read more →