Ginp
Android users have to worry about attacks coming from a new banking Trojan that works on Android devices exclusively. The threat, dubbed Ginp, has been in the wild for at least a few months, but the frequency of its attacks has been amplified recently. The main targets appear to be Spanish users, but cybersecurity experts report that the Ginp banking Trojan also is able to target many other banks and financial institutions. However, they do note that the overlay screens and fraudulent alerts it uses to trick customers of Spanish banks are of exceptional quality, and this might mean that the authors of the Ginp Trojan are very familiar with Spanish banking institutions.
The Ginp Android Trojan Focuses on Spanish Bank Customers
According to a cybersecurity lab that examined samples of the Ginp Trojan, most of its code appears to be written from scratch – however, some of the modules have been borrowed by the Anubis banking Trojan. Currently, Ginp's list of supported features is not that impressive, but the threat packs enough power to execute threatening and silent attacks that enable the attackers to:
- Display dynamic phishing overlays that are chosen based on the victim's banking application or banking website.
- Harvest SMS messages or forward incoming text messages.
- Harvest the victim's contacts.
- List all applications present on the compromised device.
- Forward calls.
- Exchange Command & Control servers swiftly in case the one active goes offline.
The Ginp Trojan also is able to hide its presence on the victim's device by hiding its icon from all accessible menus and uses an empty name/icon in the 'Settings' panel. It is not clear how the Ginp banking Trojan is being spread, but it is likely that the attackers are relying on common propagation techniques used to target Android users – 3rd-party application stores, social media spam, fake ads and pop-ups and fake downloads.
The rapid evolution of the Ginp Trojan shows that its developers have big plans for the future of this project, so it is safe to assume that the list of features the Trojan supports will continue to expand. It is recommended to protect your Android devices from threats like this one by using a reputable mobile security product, as well as being extra careful with the applications you download.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.