Wednesday, April 17, 2024

‘Ghimob’ malware may spy on 153 Android mobile apps

New ‘Ghimob’ Android trojan evolves from Brazil and may spread globally


Security researchers have discovered a new Android banking trojan that can steal data from 153 Android applications.

Named ‘Ghimob’, the trojan spies mainly on apps from banks, fintechs, cryptocurrencies and exchanges. The threat is detailed in a new report by Kaspersky.

Kaspersky says the new Android trojan has been offered for download packed inside malicious Android apps on sites and servers previously used by the Astaroth (Guildma) operation.

Kaspersky also warns that the new Android trojan gives the attacker remote access to an infected device. Once a device is infected, the trojan can be used to complete fraudulent transactions right from the victim’s smartphone.

The report mentions that Ghimob is able to operate “even if the user has a screen lock pattern in place.” It does so by recording the screen lock pattern and then replaying it to unlock the device.

After a successful phishing attempt, all collected credentials were sent back to the Ghimob gang, which would then access the victim’s account and initiate illegal transactions.

If accounts were protected by hardened security measures, the Ghimob gang used its full control over the device (via the Accessibility service) to respond to any security probes and prompts shown on the attacked smartphone.

Ghimob’s features aren’t unique; they copy the make-up of other Android banking trojans, such as BlackRock or Alien.

Kaspersky noted that Ghimob’s development currently echoes a global trend in the Brazilian malware market, with the very active local malware gangs slowly expanding to target victims in countries abroad.

In fact, the report claims Ghimob to be the first Brazilian mobile banking trojan “ready to expand and target financial institutions and their customers living in other countries.”
