New 'Ghimob' malware can spy on 153 Android mobile applications | ZDNet
New ‘Ghimob’ malware can spy on 153 Android mobile applications | ZDNet
Security researchers have discovered a new Android banking trojan that can spy and steal data from 153 Android applications.
ZDNet Recommends Best Samsung phones in 2020: Galaxy S20 Ultra 5G, Galaxy Note 10 Plus, and more
Samsung offers a range of smartphones — with the A-series, S-series, Note line, and new foldables.
Named Ghimob , the trojan is believed to have been developed by the same group behind the Astaroth (Guildma) Windows malware, according to a report published on Monday by security firm Kaspersky.
Kaspersky says the new Android trojan has been offered for download packed inside malicious Android apps on sites and servers previously used by the Astaroth (Guildama) operation.
Distribution was never carried out via the official Play Store.
Instead, the Ghimob group used emails or malicious sites to redirect users to websites promoting Android apps.
These apps mimicked official apps and brands, with names such as Google Defender, Google Docs, WhatsApp Updater, or Flash Update. If users were careless enough to install the apps despite all the warnings shown on their devices, the malicious apps would request access to the Accessibility service as a final step in the infection process.
If this was granted, the apps would search the infected phone for a list of 153 apps for which it would show fake login pages in an attempt to steal the user’s credentials.
Most of the targeted apps were for Brazilian banks, but in recently updated versions, Kaspersky said Ghimob also expanded its capabilities to start targeting banks in Germany (five apps), Portugal (three apps), Peru (two apps), Paraguay (two apps), Angola and Mozambique (one app per country).
Furthermore, Ghimob also added an update to target cryptocurrency exchange apps in attempts to gain access to cryptocurrency accounts, with Ghimob following a general trend in the Android malware scene that has slowly shifted to target cryptocurrency owners.
After any phishing attempt was successful, all collected credentials were sent back to the Ghimob gang, which would then access a victim’s account and initiate illegal transactions.
If accounts were protected by hardened security measures, the Ghimob gang used its full control over the device (via the Accessibility service) to respond to any security probes and prompts shown on the attacked smartphone.
Ghimob’s features aren’t unique, but actually copy the make-up of other Android banking trojans, such as BlackRock or Alien .
Kaspersky noted that Ghimob’s development currently echoes a global trend in the Brazilian malware market , with the very active local malware gangs slowly expanding to target victims in countries abroad.
MacroDroid for Android SEE FULL GALLERY 1 – 5 of 8 NEXT PREV Security KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others The rise of the social bandits: How politics, injustice shapes how we view hacktivism Best security keys: Hardware two-factor authentication for online protection Best security cameras for business: Google Nest, Ring, Scout, and more Cyber security 101: Protect your privacy from hackers, spies, and the government How to keep connected cars safe from cyber attacks (ZDNet YouTube) Top 6 cheap home security devices in 2020 (CNET) Cybersecurity best practices: An open letter to end users (TechRepublic)