Researchers at Kaspersky have identified a new version of the notorious banking trojan Ginp that was first discovered by analysts from the company in 2019, and the new version reformulated by Ginp includes an unconventional function to include fake text messages in the regular SMS app, this is a bonus On the basic functions of the Trojan banking targeting the Android system, which is the ability to intercept and send SMS text messages, and make installations in application windows.
New Android banking Trojan family #Ginp targeting Spain 🇪🇸 and UK 🇬🇧. Latest versions imitate Adobe Flash Player and decrypt payload from assets. Abuses Accessibility Service, sets itself as default SMS app, gets phishing injects from C&C server. (1/2) pic.twitter.com/fxCE5yeFUl
— Tatyana Shishkova (@sh1shk0va) October 23, 2019
These messages appear under the guise of well-known banking institutions that inform users about the possibility of unreasonable things, such as banning access to the account, while allowing them to prevent these things from happening by asking the user to open the application, so as soon as he does so Trojan installs its malicious application window over the application window The original, and the user is required to enter the credentials to enter the current account or credit card account, and then hand over the user’s payment details to cyber criminals from where he does not know.
Alexander Ermin, a security expert with Kaspersky, stressed that the sabotage effect of Trojan Ginp is great, despite its simplicity, considering that the rate of its development and its ability to acquire new possibilities is worrying, and said: “The appearance of this attack has been limited to Spain until now, but based on our experience, It can be said that it can start appearing in other countries as well, so Android users must be prepared to face its own danger and that of other digital threats. ”
Kaspersky experts recommend the following measures to reduce the risk of Ginp or other banking Trojans:
- Be sure not to download apps except from the official Google Play Store.
- Pay attention to the apps’ request for permissions, as the apps don’t ask for permission to access the SMS, and they shouldn’t.
- Ensure that the anti-virus solution is installed on the phone.
