{
	"id": "0a44ae5d-10cc-4f16-bfab-4e2682c652c8",
	"created_at": "2026-04-06T00:09:09.39618Z",
	"updated_at": "2026-04-10T03:21:37.979688Z",
	"deleted_at": null,
	"sha1_hash": "9f91ea6a0b728816ffa49bb92af9263b4c4a81d4",
	"title": "Gigabud (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35869,
	"plain_text": "Gigabud (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 18:13:57 UTC\r\nGigabud\r\nGigabud is the name of an Android Remote Access Trojan (RAT) Android that can record the victim's screen and\r\nsteal banking credentials by abusing the Accessibility Service. Gigabud masquerades as banking, shopping, and\r\nother applications. Threat actors have been observed using deceptive websites to distribute Gigabud RAT.\r\nReferences\r\n2023-08-14 ⋅ Group-IB ⋅\r\nBreaking down Gigabud banking malware with Group-IB Fraud Matrix\r\nGigabud\r\n2023-01-19 ⋅ cyble ⋅ Cyble\r\nGigabud RAT: New Android RAT Masquerading as Government Agencies\r\nGigabud\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/apk.gigabud\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/apk.gigabud\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/apk.gigabud"
	],
	"report_names": [
		"apk.gigabud"
	],
	"threat_actors": [],
	"ts_created_at": 1775434149,
	"ts_updated_at": 1775791297,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9f91ea6a0b728816ffa49bb92af9263b4c4a81d4.pdf",
		"text": "https://archive.orkl.eu/9f91ea6a0b728816ffa49bb92af9263b4c4a81d4.txt",
		"img": "https://archive.orkl.eu/9f91ea6a0b728816ffa49bb92af9263b4c4a81d4.jpg"
	}
}