• About
  • Advertise
  • Careers
  • Contact
Saturday, July 2, 2022
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

Dubbed Ginp; the trojan keeps coming back with new capabilities.

by Cyber360 News
November 28, 2019
in Security
0
Dubbed Ginp; the trojan keeps coming back with new capabilities.
0
SHARES
8
VIEWS
Share on FacebookShare on Twitter

Dubbed Ginp; the trojan keeps coming back with new capabilities.

Researchers at ThreatFabric, the cybersecurity firm based in Amsterdam, have been following an “interesting new strain of banking malware” dubbed Ginp distributed as Adobe Flash Player.

Identified firstly by Kaspersky’s Android malware analyst Tatyana Shishkova in late October; Ginp is currently targeting users in the UK and Spain. Researchers opine that the Trojan was actually launched in June 2019 and is yet under the active development phase.

According to researchers, cybercriminals have released at least five different versions of Ginp in the past five months, which reflects how eagerly cybercriminals are vying to improvise this Trojan.

ThreatFabric analysts claim that Ginp is unique because its codebase was developed from scratch and is being expanded continuously through updates. Its target list is also considerably narrow as its main targets are the banks in Spain. The code of Gino has been copied from the code of another infamous Trojan called Anubis.

Researchers further claim that there are striking similarities between the codes of both Trojans but it cannot be said that Ginp is the replica of Anubis rather it is inspired by Anubis. Such as, Ginp has traces of some of the codes of Anubis and the names of components of both the Trojans are also the same.

The malware works by accessing the target device in the disguise of an authentic app. As soon as the malware gains access to the device, it hides the app icon and asks for Accessibility Service permissions. When the user grants permission, it automatically gets dynamic permissions. Using these permissions, the malware can send messages, make calls and perform overlay attacks easily without alerting the user. 

“The constantly evolving threat of mobile malware is ever-changing. Yesterday’s top malware program may get leaked and stopped but as we can see with Ginp, that same code can be reused and extended into newer and stronger threats. These newer threats add capabilities that make an even stronger case for implementing multi-factor authentication instead of SMS push for one-time passwords. Banks should always evaluate their threat index and ensure they stay ahead of the curve with a flexible platform that can swap out newer technologies as they are identified and implemented.” — Will LaSala, Director Security Solutions, Security Evangelist, OneSpan.

In June 2019, the Ginp malware appeared first on the Play Store as the Google Play Verificator app; initially, its main function was to steal SMS messages. However, by August 2019, another version of the malware appeared posing as the Adobe Flash Player app.

Image: ThreatFabric

This time, according to ThreatFabric’s blog post, the malware could perform many other functions such as abusing Accessibility Service to become the default SMS app and performing overlay attacks. Later, two new versions of the malware surfaced that primarily targeted social media and banking apps.

The current version is being distributed as legitimate banking apps mostly related to Spanish banks and some of the targets haven’t ever seen before in any malware campaign. A total of 24 apps are targeted and infected with Ginp, all of which belong to 7 Spanish banks including Bankinter, Bankia, BBVA, Caixa Bank, EVO Banco, Santander, and Kutxabank.

New Android trojan targets banking apps & threatens 2FA/SMS

Image: ThreatFabric

According to researchers, Ginp may receive further modifications and exhibit many new malicious features along with expanding its targets. For Android users, HackRead’s advice is the same: Use reliable anti-virus on your phone, keep its operating system up to date and refrain from downloading apps from third-party app stores.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Cyber360 News

Cyber360 News

Next Post
Two Discontinued Software Development Kits Found Secretly Harvesting Data From Facebook And Twitter

Two Discontinued Software Development Kits Found Secretly Harvesting Data From Facebook And Twitter

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In