Recently, researchers exposed a novel form of banking malware, known as “Ginp,” which exists in at least five different strains. The malware appears to have been created from scratch, although it contains code copied from the well-known Anubis banking Trojan. Initially, it posed as a “Google Play Verifactor” app.
Once loaded onto a device, the malware functions by “…removing its icon from the app folder. It will then ask the victim for the Accessibility Service privilege. Once the user grants the requested Accessibility Service privilege, Ginp grants itself additional permissions required to send messages and make calls, without the victim knowing,” reports CISO Magazine.
The features that Ginp embeds include:
- Overlaying: Dynamic (local overlays obtained from the C2)
- SMS harvesting: SMS listing
- SMS harvesting: SMS forwarding
- Contact list collection
- Application listing
- Overlaying: Targets list update
- Self-protection: Emulation-detection and more.
The focus appears to be on Android users connected to Spanish banks, although the threat could spread. Get the full story from Bleeping Computer.