Researchers from Kaspersky found a new malware Ghimob. The newly discovered malware targets mostly financial, banking, and cryptocurrency apps.
By far this malware has stolen data from 153 android apps. The malware spreads through third-party app downloads and e-mails. Ghimob malware mimics popular android apps such as Google Defender, Google Docs, WhatsApp Updater, and many more to count.
The malware is said to be created by the same hacker of Astaroh Windows malware—Guildma.
How does Ghimob malware work?
For the malware to get into action, it requires to be installed. Once it is installed gains all the unnecessary permissions, the malware starts its work. It creates fake login pages of the apps that are already used by the user. After that, it sends all the information on the victim’s phone such as password, as well as the bank credentials to the hacker. And once the hacker gets all the details, he can randomly make transactions without the user’s consent.
“When the cybercriminal is ready to perform the transaction, they can insert a black screen as an overlay or open some website in full screen, so while the user looks at that screen, the criminal performs the transaction in the background by using the financial app running on the victim’s smartphone that the user has opened or logged in to.” researchers at Kaspersky explain.
According to the reports, the malware has infected 112 apps from institutions in Brazil, 13 cryptocurrency apps, 9 international apps, 5 bank apps in Germany, 3 bank apps in Portugal, 2 apps in Peru and Paraguay, and one from Angola and Mozambique.
“Ghimob is the first Brazilian mobile banking trojan ready to expand and target financial institutions and their customers living in other countries. Our telemetry findings have confirmed victims in Brazil, but as we saw, the trojan is well prepared to steal credentials from banks, Fintech, exchanges, crypto-exchanges, and credit cards from financial institutions operating in many countries, so it will naturally be an international expansion.” says researchers from Kaspersky.
Kaspersky mentioned about the Ghimob malware on it’s official blog.