Researchers revealed a new form of Android banking malware “Ginp” that targets Android users through screen overlay attack to steal banking credentials, SMS & credit/debit card particulars to empty victims’ bank account.
First spotted at the end of October 2019, the Ginp malware has since been continuously under development, with 5 different versions of the Trojan issued within 5 months of the period.
With cybercriminals mostly interested in Spanish-based bank users, they are incessantly releasing regular updates; some evidence suggested that the Gip malware copied code from notorious Anubis banking Trojan.
Ginp uses many steps overlay to avoid creating suspicion and the initial version was circulated via fake ” Google Play Verificator” app to steal the only incoming and outgoing SMS data.’
The next version has been issued with a set of new features and spreading via masking as a fake “Adobe Flash Player” app to target some of the social and utility apps.
Later, in August 2019, it impersonated as ‘Adobe Flash Player’ apps bearing many malevolent features. The malware could do overlay attacks and misuse Accessibility Service to become the default SMS app.
After that it recurred in two different versions, attacking social media apps, and then banking apps, respectively, each bearing improved features.