Published: June 21, 2020 in our Security Fraud News & Alerts Newsletter.
A banking Trojan with an odd name isn’t amusing Android smartphone users. In fact, the banking malware called Ginp is wreaking havoc by sending fake SMS text messages and push notifications to its victims. First detected only last year, Ginp is rapidly evolving into a highly successful banking-spoof Trojan. Using SMS and push notifications, the malware warns users that they need to verify account information with their bank or credit card. The handy link provided in the text takes users to their bank or credit card websites where they can input their information, including account numbers and passwords. But wait, there’s more…
The website that the text link sends Android users to is a fake, also called an overlay. The Ginp banking Trojan has taken its malware to a whole new level by appearing very legitimate. It copies the look of reputable vendors who are texting users, telling them their account needs attention and may even be blocked until data is provided. Once a user clicks the application link, Ginp overlays the original window with a spoof page designed to grab every bit of data you input. When that happens, your bank account may be as good as gone in the hands of cybercriminals.
Other improvements also separate Ginp from the rest of banking malware. That makes Ginp something that “Android users need to be on alert” about, according to a Kaspersky researcher. Not only does Ginp gain control of SMS messages and use fake web page overlays, it uses the real phone numbers of spoofed banks. Savvy users who call the phone number back to see if it’s legitimate before handing over their data don’t know they are actually calling the hacker. The cyber creep is only too happy to answer your call and confirm they are in fact your bank. Hackers know the text messages will be read sooner or later, and because they are from a “real” financial institution phone number, they look and sound like the real deal.
To be topical, Ginp also has a scam with a convenient COVID-19 finder that is advertised to find people near you with the virus. Once your phone is infected, it will display a webpage where you can enter your credit card number and pay a small fee to stay protected. Sounds great, but of course it’s a scam to steal your payment card information.
Fortunately, there are ways to minimize the risk of Ginp attacks. Start by installing apps only from the official Google Play Store, as it checks apps for malware and third-party sellers often don’t. Regularly check the permissions apps ask for. You may be surprised and shocked by the data they collect, and you should have some control over most app permissions.
Finally, financial institutions always tell customers to go to the official website by typing the address in themselves and never to follow text links. Banks don’t send links to their websites through SMS messages. Remember, security experts believe Ginp will continue to improve with even more nefarious tricks and it will do so quickly, so be on alert!