Ginp Android Trojan disguises as legitimate Banking App notifications and SMS.

Security researchers at Kaspersky have identified a new android Trojan called Ginp that is capable of infecting Android devices. Banking Trojans usually access SMS in android devices to identify the one-time codes, once gaining access to apps, then the Trojan will have extensive access over the device and banking apps in particular. This Ginp Trojan was first detected in October 2019, since then it seems to have evolved and can now send convincing messages luring the users to believe the notifications and messages are from a genuine source.

Power of Ginp Android Trojan

Ginp Android Trojans has all the basic qualities of any other mobile Trojan, but adding to that it can also intercept text messages, steal bank card details, execute phishing in the banking apps using overlay. If this Trojan gets the ‘Accessibility’ permissions, then it can even tap buttons or click links by its own, and finally take complete control over the devices. 

Apart from the above privileges, this Trojan is creative as well. It can send perfectly crafted bank app notifications, that will make your land in the actual app with an overlay that has been phished to assure users that it is legitimate. Please find one such examples for banking app notifications below, 

Suspicious activity detected on your Bank account. Please check recent transactions and call 98*****28.

Apart from the notifications, the Trojan can also create new SMS with malicious links, that when opened or clicked upon will take users to a phishing page where it will be able to extract the data from the bank apps at ease. And above all, this Trojan also seems to have made use of the UPI payments app thus ensuring it impersonates Google pay, Paytm, and other apps.

The Ginp Trojan is now active in Spain, and have hit UK and Poland already. 

How to stay vigilant against Ginp Trojan?

Users need to ensure they follow strong cybersecurity practices. Smartphones have become another attractive target for volumes of data and attackers are aware of that. Targeted Ginp Android Trojan deployment will have high success rates, as it can look legitimate. 

However, below are six best practices from ‘The Cybersecurity Times’ that would help users stay vigilant against Ginp.

• Download apps from the play store only.
• Disable permission to install apps from unknown sources.
• Never click or open links from text messages unless it is from a reliable source.
• Do not grant Accessibility permission to all apps, except the ones that really depend on it.
• When new apps are installed, please ensure you grant permission only to those that they really depend upon. For example, a banking app do need permission for SMS, and it does not need permissions for Accessibility or Gallery.
• Install mobile security solutions that can detect Android Malware, Trojans, and more. 

Since Kaspersky has discovered this threat, they have recommended users to install their mobile security app called Kaspersky AntiVirus that can help users detect the Ginp Trojan.

Android malware can cause serious threats to data security, last month we wrote aboutAndroid malware ‘Xiny‘ that gained root access for escalated privileges.

 Subscribe to ‘The Cybersecurity Times’, for daily alerts on cyber events. You can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.