This program has been named Ginp.
This is a new threat that targets exclusively smartphones running the Android system. This program, it seems, takes over the code another virus, Anubis, virus that had already done a lot of damage on several thousand smartphones some time ago now. This program allows itself to subscribe its victims to paid services without even asking for their consent.
This article will also interest you: IPhone: iVerify, an app to allow you to identify piracy on your iOS mobile
it was spotted by the cybersecurity company based in Moscow, Kaspersky. according to ThreatFrabric, another company specialising in security computer, this malware, probably in circulation since June, as it describes in a report published last month.
As noted above, the purpose of this malware is to empty your bank account. According to researchers at the computer security firm ThreatFabric, the publishers of this program were very strongly inspired by another malware that had plagued in its time. And this software is called Anubis. But unlike the latter, Ginp, the malware we are talking about here, has not yet managed to break into Google's app store, the Play Store. This has reduced the potential names of his victims considerably.
ThreatFabric researchers explain a little how the application works by pointing out that "Ginp malware pretends to be legitimate and popular applications, or even benevolent apps on APK file referencing sites. There would be at least 5 versions of the malware that would look like Adobe Flash Player or Google Play Verificator. ». Once the app is installed on the victim's phone, it will proceed with the removal of its own icon so that the smartphone user forgets it. After gaining access to smartphone accessibility services, the malware would then be able to perform certain tasks such as texting, making phone calls and otherwise executing malicious commands without the smartphone user noticing. In this way, it will then be able to perform certain phishing practices that may consist of displaying fake pages in order to recover very important data that can allow access to your bank accounts.
It may even in some cases ask you for your credit card details, under certain conditions you want to download an app from the Play Store. Of course, as soon as you give them this information on a silver platter, hackers will empty your account and sell your data for sure on the dark web.
in practice it has been noticed that the virus acts much more on applications related to Spanish banks. but taking into account its current expansion, it can easily spread to Europe. That's why experts always recommend not downloading apps out of Google's official store.
Now access an unlimited number of passwords: