Cybersecurity researchers are warning about a dangerous new malware strain that targets banking customers by exploiting WhatsApp and SMS.
Dubbed “GhostBat RAT,” the malicious software masquerades as legitimate government-related apps, tricking users into downloading infected Android files from GitHub or compromised websites.
According to the team at Cyble, the malware campaign has resurged in India with alarming sophistication, using shortened URLs in WhatsApp messages and text alerts to deceive victims into believing they’re installing official transportation apps.
Once installed, GhostBat RAT deploys a phishing overlay that captures sensitive information including mobile banking credentials, UPI PINs, and account details. It also intercepts SMS messages containing banking-related keywords to siphon one-time passwords and two-factor authentication codes, giving attackers full access to victims’ financial accounts.
Researchers found that the malware communicates with a remote command-and-control server to exfiltrate stolen data in real time, while also granting attackers the ability to monitor user activity, send messages, and modify system settings.
Cyble says that the campaign leverages social engineering tactics to build trust and gain permissions that bypass Android’s default security safeguards.
The firm has urged users to remain vigilant, avoid downloading applications from unofficial links, and verify the authenticity of app publishers before installation. Security experts also recommend reviewing app permissions, updating Android systems regularly, and using reliable mobile antivirus tools.
“The GhostBat RAT campaign represents a sophisticated evolution of RTO-themed Android malware. It combines multi-stage dropper techniques, anti-analysis defenses, native code exploitation, and social engineering to compromise users.
By targeting both banking credentials and UPI authentication flows, the malware demonstrates an ability to extract financial information directly while evading traditional detection mechanisms.”
Follow us on X, Facebook and Telegram
Don’t Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Surf The Daily Hodl Mix
 
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney
