Researchers at security firm Kaspersky uncovered a new banking trojan named Ghimob. This malware can spy on and steal data from 153 Android mobile applications, most of them in the banking, fintech, cryptocurrency, and exchange sectors. According to Kaspersky’s report, Ghimob’s creators are supposedly the same cybercriminals behind the Astaroth (Guildma) Windows malware, a well-known Brazilian banking trojan. Both malware families share the same infrastructure, and the mobile version’s protocol is similar to that of its Windows counterpart.
Ghimob is distributed through malicious Android apps hosted on websites and servers that the Astaroth operation previously used. Instead of distributing them through the Google Play Store, the cybercriminals used emails or malware-infected sites to redirect users to web pages promoting bogus Android apps. These apps pose as genuine products and programs, with names like WhatsApp Updater, Google Docs, Google Defender, and Flash Update. Devices would warn users against installing these applications, which request access to the Accessibility service to initiate infection. Should users ignore the warnings, install the apps, and grant them system access, the malware would search the list of 153 apps and produce a fake sign-in page to steal the victim’s credentials.
After acquiring sensitive data like usernames and passwords, the Ghimob mob can access the user’s accounts and make illegal transactions. They can even bypass the advanced security measures that users have enabled for their accounts, responding to any security probe that the smartphone displays. The hackers mostly targeted Brazilian banking apps (112) but have expanded operations to other countries like Peru (two apps), Germany (five apps), Paraguay (two apps), Portugal (three apps), and Mozambique and Angola (one app each). Furthermore, they began targeting cryptocurrency exchange apps to steal crypto accounts.
Cyberattacks have dramatically increased during the coronavirus pandemic, which is why users must remain vigilant and employ advanced security measures and tools. VPNs offer total online privacy and anonymity, but choosing the right one can be tricky. TheVPN.Guru offers unbiased and detailed VPN reviews, with how-to guides to help take full advantage of VPN benefits.