Ghimob: How the New Banking Trojan Affecting Android Works

Cybercriminals never stop looking for new victims and new scams to carry out. Android and Windows are the operating systems these threats generally target. The cybersecurity firm Kaspersky has discovered Ghimob, a banking Trojan that can endanger our Android smartphones. It is a serious threat, as it can spy on us and conduct banking transactions. Do you want to know all the details of this new threat that affects your Android device?

How Ghimob was discovered

The security company Kaspersky has found new malicious software, which has been called Ghimob, that allows an attacker to gain access to infected devices. Kaspersky researchers discovered it while examining a campaign by Guildma, another banking malware that targets Microsoft's operating system.

Thanks to this investigation, Kaspersky security specialists found a URL serving a malicious ZIP file for Windows. However, that was not all: they also found a malicious file that appeared to be a downloader for installing a new banking Trojan called Ghimob. In this case it does not target Windows; it affects the Mountain View company's system, that is, Android.

The origin of the Ghimob banking Trojan can be found in Brazil. This threat was born from Latin American cybercriminals with the intention of turning it into a global banking Trojan. At this moment, they are gradually achieving this objective, and there are already more countries that have been added to the list, some of them European. Thus, according to the cybersecurity company Kaspersky, in addition to Brazil, it has already spread to other countries such as Paraguay, Peru, Portugal, Germany, Angola and Mozambique, and very soon Spain will also be affected.

How the Ghimob banking Trojan works

Now we are going to explain how cybercriminals act to infect us with the Ghimob banking Trojan. It all starts when victims receive an email suggesting that the recipient has some kind of debt and enticing them to install a file. The email contains a link that the victim can click to obtain more information, and that is where the process of infecting the smartphone begins.

As soon as the RAT is installed, this malicious software sends a message to the attacker’s server informing them that the device infection has been successful. However, that’s not all, as the message also includes other important information such as the following:

  • The smartphone model.
  • Whether the lock screen has security enabled.
  • A list of all installed applications that the malware can attack.

From what is known so far, Ghimob has the ability to spy on 153 mobile applications, mainly from banks, finance companies, cryptocurrencies and exchanges. After the infection, Ghimob becomes a powerful spy on the actions we carry out with our smartphones. Thus, its developers can remotely access the infected device. In addition, the fraud is carried out using the owner's smartphone in order to circumvent the security measures implemented by financial institutions in their apps.

If we use a lock screen pattern, this banking Trojan is able to record it and later replay it to unlock the device automatically. Then, to carry out its criminal actions, it uses screen overlay techniques and opens some websites in full screen. While the victim watches that overlay or web screen, the cybercriminals seize the moment to perform fraudulent transactions in the background.

How to protect ourselves from this banking Trojan

The best way to protect ourselves from Ghimob, as usual, is to avoid downloading applications from outside the Google Play Store. Remember that, in this case, the infection comes from clicking a link and installing an application from outside the Play Store. Finally, to improve security, you can consider installing one of the best antivirus apps for Android.
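
To check a phone against the advice above, the following added example (not code from Kaspersky or from the original article) lists third-party apps that were not installed by Google Play, using the output of `adb shell pm list packages -i -3`. The sample package names are constructed, and treating only `com.android.vending` as trusted is an assumption to adjust for other stores.

```python
import re
import subprocess

# Assumption: only Google Play counts as a trusted installer, matching the
# article's advice. Add other store package names if your devices use them.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Line format printed by `pm list packages -i`:
#   package:<name>  installer=<installer or null>
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_installers(pm_output):
    """Map package name -> installer (None when Android reports 'null')."""
    result = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())  # strip() also drops adb's trailing \r
        if m:
            pkg, installer = m.groups()
            result[pkg] = None if installer == "null" else installer
    return result


def sideloaded(pm_output, trusted=TRUSTED_INSTALLERS):
    """Return sorted (package, installer) pairs not installed by a trusted store."""
    found = parse_installers(pm_output)
    return sorted((p, i) for p, i in found.items() if i not in trusted and i is not None) + \
        sorted((p, None) for p, i in found.items() if i is None)


def collect_from_device():
    """Read third-party packages from a device with USB debugging enabled."""
    return subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-i", "-3"],
        capture_output=True, text=True, check=True,
    ).stdout


# Constructed sample output; the package names are made up for illustration.
SAMPLE = """\
package:com.example.bank  installer=com.android.vending
package:com.example.debtnotice  installer=null
package:com.example.updater  installer=com.google.android.packageinstaller
"""

if __name__ == "__main__":
    for pkg, inst in sideloaded(SAMPLE):  # swap in collect_from_device() for a real phone
        print(f"review: {pkg} (installer={inst})")
```

An app flagged here is not necessarily malicious; it is simply one that arrived outside the Play Store and deserves a second look.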