New Ghimob Malware Targeting Financial Global Apps, Offers Remote Access to Hacker: Kaspersky


A new remote access Trojan called Ghimob has been targeting financial apps from banks, fintechs, exchanges and cryptocurrency services in Brazil, Paraguay, Peru, Portugal, Germany, Angola and Mozambique, security researchers at Kaspersky have discovered. The Trojan has been deployed by Guildma, the Brazil-based threat group that was also behind the recent Astaroth Windows malware. Once the Trojan is installed on a smartphone, the hacker can access the infected device remotely and complete fraudulent transactions from the victim’s smartphone without their consent.

Kaspersky discovered the Ghimob Trojan while investigating another malware campaign. The Trojan is spread via an email that pretends to come from a creditor and provides a link where the recipient can supposedly view more information, while the app itself pretends to be Google Defender, Google Docs, WhatsApp Updater, etc. If the recipient falls for the scam and clicks on the link, the Trojan is downloaded onto their handset.

Once infection is complete, the malware sends a message to the hacker. This includes the phone model, whether screen lock is activated, and a list of all installed apps that the malware targets, including their version numbers. Kaspersky says Ghimob spies on 153 mobile apps, mainly from banks, fintechs, cryptocurrency services and exchanges. The report says this includes about 112 apps from institutions in Brazil, 13 cryptocurrency apps from different countries, nine international payment systems, five bank apps in Germany, three bank apps in Portugal, two apps in Peru, two in Paraguay, and one app each from Angola and Mozambique.

With Ghimob, the hacker can access the infected device remotely and complete the fraudulent transaction from the victim’s own smartphone, thereby avoiding device identification, the security measures implemented by financial institutions and their behavioural anti-fraud systems. The hacker is also able to bypass the screen lock by recording the unlock pattern and later replaying it to unlock the device. “When the cybercriminal is ready to perform the transaction, they can insert a black screen as an overlay or open some website in full screen, so while the user looks at that screen, the criminal performs the transaction in the background by using the financial app running on the victim’s smartphone that the user has opened or logged in to,” researchers at Kaspersky explain.

Ghimob tries to conceal its presence by hiding its icon from the app drawer. The malware also blocks the user from uninstalling it, and from restarting or shutting down the phone. Kaspersky cautions, “Ghimob is the first Brazilian mobile banking trojan ready to expand and target financial institutions and their customers living in other countries. Our telemetry findings have confirmed victims in Brazil, but as we saw, the trojan is well prepared to steal credentials from banks, fintechs, exchanges, crypto-exchanges and credit cards from financial institutions operating in many countries, so it will naturally be an international expansion.”

Kaspersky warns financial institutions to be wary of Ghimob and to improve their authentication processes, strengthen their anti-fraud technology and expand their threat intelligence data.

