New Ginp banking malware targets credit/debit card information via screen overlay


By MYBRANDBOOK


New Ginp banking malware targets credit/debit card information via screen overlay

A new form of sophisticated Android banking malware named “Ginp” has been uncovered by researchers. It targets Android users via screen overlay attack to steal banking credentials, SMS & credit/debit card details to empty victims’ bank account.

 

The Ginp malware was initially spotted at the end of the October 2019; since then the malware is continuously under development, and 5 different versions of the Trojan have been released.

 

It is being studied that attackers are mainly interested in Spanish based bank users. They are also continuously releasing regular updates, and some evidence found the Gip malware copying code from infamous Anubis banking Trojan. 

 

Ginp is using multiple step overlay to avoid raising suspicion and the initial version was distributed via fake "Google Play Verificator” app to steal the only incoming and outgoing SMS data.’

 

The next version has been released with a set of new features and spreading via masquerading as a fake “Adobe Flash Player” app to target some of the social and utility apps such as Google Play, Facebook, WhatsApp, Chrome, Skype, Instagram, and Twitter.

 

The 3rd version of Ginp is launched to focus on Banking sectors, and the attackers mainly target the 24 apps belonging to 7 different Spanish banks: Caixa bank, Bankinter, Bankia, BBVA, EVO Banco, Kutxabank and Santander.

 

Once the malware landed into the device, as a first step, it removes the icon and seeks the victim for the Accessibility Service privilege. After it gets the permission, the Ginp itself grants some of the sensitive additional permission, such as send messages, and make calls, without requiring any further action from the victim.

 

Ginp targets various social media apps such as Facebook, WhatsApp, Skype, Twitter, Chrome, Instagram, Snapchat and implements the generic credit card grabber overlay screen to harvest the card number, CVV, Date etc.

 

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org