Reemergent GhostBat RAT malware targets India

Android users across India have been targeted in a new campaign spreading the reemergent GhostBat RAT malware, reports The Cyber Express.

Threat actors have used hacked websites, WhatsApp, and SMS messages to deliver illicit APK files, resulting in the download of spoofed versions of Indian Regional Transport Office apps, including mParivahan, according to findings from Cyble Research and Intelligence Labs researchers.

Installation of the counterfeit mParivahan app enabled the exfiltration of both UPI PINs and SMS messages containing banking-related keywords. Infected devices are registered at the same time through the Telegram bot 'GhostBatRat_bot', and the malware uses ZIP header manipulation, extensive string obfuscation, native code execution, and anti-emulation tactics to bypass detection.

Researchers also discovered more sophisticated GhostBat RAT malware variants that enabled encrypted payload execution through a native C/C++-based packer.
