Gigabud Banking Android Trojan attacks users in Southeast Asia

Naive victims themselves hand over detailed personal information to the attackers.

Users of numerous financial applications in Thailand, Indonesia, Vietnam, the Philippines and Peru are being targeted by the Android banking Trojan "Gigabud RAT".

According to Group-IB researchers, one of the unique features of the malware is that it does not perform any malicious actions until the user logs in to the fraudulent application. This makes Gigabud RAT very difficult to detect.

In addition, instead of using HTML overlay attacks, the Trojan collects confidential information mainly by recording the screen, which, however, is not effective against any banking applications.

Gigabud RAT was first documented by Cyble in January 2023, which we also reported to our regular readers. At that time, the malware impersonated banking and government applications, secretly stealing victims' confidential data. The Gigabud RAT Trojan is known to have been active since at least July last year.

Group-IB also revealed a new version of the malware, this time without RAT capabilities but no less effective. Dubbed "Gigabud.Loan", the malware pretends to be an application for obtaining microloans, but in reality it simply leaks the entered data to the attackers. And since we are talking about microloans, the victims leave quite detailed information about themselves without suspecting a catch.

Both versions of the malware are distributed through phishing websites, links to which are sent to victims via SMS or social media. Gigabud.Loan is also distributed directly in the form of APKs sent via WhatsApp, allegedly by representatives of the organizations described above that provide microloans.

Experts recommend that you exercise extreme caution when installing apps from unverified sources, and also be critical of any suspicious links or files received via email or instant messengers.
 