The latest variant of the new Ginp Android Trojan borrows code from Anubis




Security experts at ThreatFabric discovered an Android banking Trojan, dubbed Ginp, that steals both login credentials and credit card data.


Ginp was first spotted in October by Kaspersky while targeting Spain and the UK, but researchers believe it has been active since around June. The malware has already received five major updates, with the latest one borrowing pieces of code from the Anubis banking Trojan.


“What makes Ginp stand out is that it was built from scratch being expanded through regular updates, the last of which including code copied from the infamous Anubis banking Trojan, indicating that its author is cherry-picking the most relevant functionality for its malware. In addition, its original target list is extremely narrow and seems to be focused on Spanish banks,” reads the report published by ThreatFabric. “Last but not least, all the overlay screens (injects) for the banks include two steps; first stealing the victim’s login credentials, then their credit card details.”




The initial version of the malware dates back to early June 2019. It masqueraded as a “Google Play Verificator” app and was developed to steal victims’ SMS messages. In August, its authors implemented some banking-specific features and started spreading the malicious code as fake “Adobe Flash Player” apps.


The malware abuses the Accessibility Service to perform overlay attacks and become the default SMS app.


By using overlay attacks as part of a generic credit card grabber the malwa ..
