While ransomware is becoming more fashionable, banking malware is also popular. Recently, new software of this type has been discovered that reuses the code of another very dangerous banking malware, namely Anubis. This new malware can empty its victims' bank accounts!
The Ginp malware
Called Ginp, the malicious program in question is based on Anubis, another malware that was much talked about this summer. Indeed, the latter reportedly targeted almost 200 Android applications related to banking and finance. Although the discovery of Ginp was attributed to the cybersecurity company Kaspersky in October 2019, it has actually been around for longer. According to a statement from ThreatFabric, Ginp appeared in June 2019!
Experts say that although the malware is still in development, five versions of it have already been spotted! Ginp is not ransomware demanding a sum of money, but its attacks are even more formidable!
The Ginp malware deceives its victims by posing as a regular application, such as Adobe Flash Player. It can also appear as dubious apps designed to mislead, such as Google Play Verification. Note, however, that Ginp has not yet entered the Google Play Store. Instead, it is present in Android Package Kits (APK), easily available on the Web.
Ginp is plundering bank accounts
After installation on the smartphone, Ginp hides the application's icon so that it becomes difficult for the user to remove. The malware then asks the user to grant it access to the smartphone's accessibility services. This is privileged access to certain system features, generally intended for people with disabilities.
From that moment on, the Ginp malware has carte blanche on the device. It can collect and send SMS messages, make calls, and launch fraudulent orders without the user noticing anything. Above all, the software is able to display fake windows when the user opens their banking application. By faithfully imitating the interface, Ginp captures the banking data that will be used to loot the account.
Note that for the moment the malware targets the applications of Spanish banks (Caixa, BBVA, Santander, etc.), but it could spread. And although the applications of the Google Play Store are currently spared, a user whose smartphone is already infected can still be caught out. Indeed, during a purchase on the Google Play Store, Ginp asks for the credit card details!
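The behaviour described above (an app that arrives outside the Google Play Store, hides its icon and obtains accessibility access) can be checked for on a device. The following triage script is an added example, not code from ThreatFabric or Kaspersky. It assumes the raw output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`, plus a set of packages that have a launcher icon collected separately; the function names and sample package names are constructed for illustration.

```python
PLAY_STORE = "com.android.vending"

def parse_accessibility(raw):
    """Packages named in `settings get secure enabled_accessibility_services`."""
    raw = raw.strip()
    if not raw or raw == "null":          # "null" means no service is enabled
        return set()
    # Entries are colon-separated components of the form package/ServiceClass.
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry}

def parse_installers(raw):
    """Map package -> installer from `pm list packages -3 -i` output lines."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None                   # "installer=null" or field missing
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0]] = installer
    return installers

def triage(accessibility_raw, packages_raw, launcher_packages):
    """Third-party apps holding accessibility access, with reasons for review."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg in sorted(parse_accessibility(accessibility_raw)):
        if pkg not in installers:          # preinstalled service, out of scope
            continue
        reasons = []
        if installers[pkg] != PLAY_STORE:  # heuristic: arrived as a loose APK
            reasons.append("not installed by Play Store")
        if pkg not in launcher_packages:
            reasons.append("no launcher icon")
        if reasons:
            findings.append((pkg, reasons))
    return findings

# Constructed sample data, not taken from a real device or a real Ginp sample.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.flashplayer/com.example.flashplayer.Svc")
SAMPLE_PKGS = ("package:com.example.flashplayer  installer=null\n"
               "package:com.example.notes  installer=com.android.vending\n")
SAMPLE_LAUNCHER = {"com.example.notes"}

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_A11Y, SAMPLE_PKGS, SAMPLE_LAUNCHER):
        print(pkg, "->", ", ".join(reasons))
```

A finding is a prompt for manual review, not proof of infection: legitimate sideloaded accessibility tools will also be listed.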