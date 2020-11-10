Technology News
loading
  • Home
  • Mobiles
  • Mobiles News
  • New Ghimob Malware Targeting Financial Global Apps, Offers Remote Access to Hacker: Kaspersky

New Ghimob Malware Targeting Financial Global Apps, Offers Remote Access to Hacker: Kaspersky

Kaspersky says Ghimob spies on 153 mobile apps, mainly from banks, fintechs, cryptocurrencies and exchanges.

By Tasneem Akolawala | Updated: 10 November 2020 13:38 IST
Share on Facebook Tweet Snapchat Share Reddit Comment
New Ghimob Malware Targeting Financial Global Apps, Offers Remote Access to Hacker: Kaspersky

Ghimob spies on112 apps from institutions in Brazil, 13 cryptocurrency app, Kaspersky says

Highlights
  • With Ghimob, the hacker can access the infected device remotely
  • The Trojan is able to bypass screen lock as well
  • The hacker can complete fraud transactions via bank apps

New remote access Trojan called Ghimob has been targeting financial apps from banks, fintechs, exchanges and cryptocurrencies in Brazil, Paraguay, Peru, Portugal, Germany, Angola and Mozambique, security researchers at Kaspersky have discovered. This Trojan has been deployed by a Brazil-based threat group Guildma that was behind the recent Astaroth Windows malware as well. Once the Trojan is deployed on a smartphone, the hacker can access the infected device remotely, completing fraudulent transaction with the victim's smartphone without consent.

Kaspersky discovered the Ghimob Trojan while investigating another malware campaign. The Trojan is spread via email that pretends to be from a creditor and provides a link where the recipient could view more information, while the app itself pretends to be Google Defender, Google Docs, WhatsApp Updater, etc. If the recipient falls for the scam and clicks on the link, the Trojan gets downloaded on their handsets.

Once infection is completed, the malware proceeds to send a message to the hacker. This includes the phone model, whether it has screen lock activated, and a list of all installed apps that the malware has as a target including version numbers. Kaspersky says Ghimob spies on 153 mobile apps, mainly from banks, fintechs, cryptocurrencies and exchanges. The report says that this includes about 112 apps from institutions in Brazil, 13 cryptocurrency apps from different countries, nine international payment systems, five bank apps in Germany, three bank apps in Portugal, two apps in Peru, two in Paraguay, and one app each from Angola and Mozambique as well.

With Ghimob, the hacker can access the infected device remotely, completing the fraudulent transaction with the victim's smartphone, so as to avoid machine identification, security measures implemented by financial institutions and all their antifraud behavioural systems. The hacker is also able to bypass screen lock, by recording it and later replaying it to unlock the device. “When the cybercriminal is ready to perform the transaction, they can insert a black screen as an overlay or open some website in full screen, so while the user looks at that screen, the criminal performs the transaction in the background by using the financial app running on the victim's smartphone that the user has opened or logged in to,” researchers at Kaspersky explain.

Ghimob tries to hide its presence by hiding the icon from the app drawer. The malware also blocks the user from uninstalling it, restarting or shutting down the phone. Kaspersky cautions, “Ghimob is the first Brazilian mobile banking trojan ready to expand and target financial institutions and their customers living in other countries. Our telemetry findings have confirmed victims in Brazil, but as we saw, the trojan is well prepared to steal credentials from banks, fintechs, exchanges, crypto-exchanges and credit cards from financial institutions operating in many countries, so it will naturally be an international expansion.”

Kaspersky warns financial institutions to be vary of Ghimob and improve their authentication processes, boost their anti-fraud technology and threat intel data.

Should the government explain why Chinese apps were banned? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Kaspersky, Ghimob, Android Trojan, Android Malware
Tasneem Akolawala Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
PlayStation 4 Can Now Stream PlayStation 5, Remote Play App Gets Multiplayer, HDR Support

Related Stories

New Ghimob Malware Targeting Financial Global Apps, Offers Remote Access to Hacker: Kaspersky
Comment
 
 

Advertisement

Tech News in Hindi
More Technology News in Hindi
Latest Videos
More Videos

Advertisement

Popular Mobiles
Trending Gadgets
Popular Brands
#Trending Stories
  1. Nokia Streaming Box 8000 With Android TV, 4K Streaming Launched
  2. Samsung Galaxy Note 10 Price in India Cut Across Retail Stores: Report
  3. Redmi SonicBass Wireless Earphones Review
  4. Micromax In 1b Pre-Bookings Start November 10 at 12 Noon via Flipkart
  5. Motorola Moto G Stylus 2021 May Come With Snapdragon 675 SoC
  6. OnePlus Halts OxygenOS 11.0.1.1 Update for OnePlus 8 and 8 Pro
  7. Redmi Note 9 Series May Get New Models on November 11
  8. Assassin’s Creed Valhalla Review: Quantity Over Quality
  9. How to Make Digital Payments via WhatsApp Pay
  10. WhatsApp Gets a Shopping Button to Highlight Business’ Product Catalogues
#Latest Stories
  1. Redmi Note 9 Series 5G Models Price Details Tipped Ahead of Official Launch
  2. Redmi Note 9 Series 5G Models Price Details Tipped Ahead of Official Launch
  3. Nokia 8000 4G Leaked Poster Tips Slider Design Will Be Ditched for Curved Edges
  4. New Ghimob Malware Targeting Financial Global Apps, Offers Remote Access to Hacker: Kaspersky
  5. PlayStation 4 Can Now Stream PlayStation 5, Remote Play App Gets Multiplayer, HDR Support
  6. YouTube Music Adds Activity Bar for Easy Access on Homepage, Multiple Personalised Playlists
  7. OnePlus Nord SE With 65W Fast Charging, AMOLED Display Tipped to Launch Early Next Year
  8. Samsung Galaxy Note 10 Price in India Cut by Rs. 25,000 Across Retail Stores: Report
  9. WhatsApp Gets a Shopping Button, to See What Businesses are Selling on the App
  10. Spider-Man PS4 Save Games Can Be Exported to PS5’s Spider-Man Remastered, Insomniac Says in About-Turn
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com