Guildma, a threat actor associated with the Tetrade malware family, has created a new banking Trojan called Ghimob, which targets Android smartphones by tricking users into installing an app from outside the Google Play store. The Trojan has been infecting mobile devices and targeting financial apps from exchanges, banks, and cryptocurrency companies based in Brazil, Peru, Portugal, Paraguay, Mozambique, Angola, and Germany. Once a mobile device is infected, hackers can access the device remotely. Hackers can use overlay screens while they access financial apps, so victims are unaware of what is taking place. Ghimob is even able to record screen lock patterns and replay them later to access mobile devices. Upon infection, the app will terminate itself if it recognizes debugging software. If the victim attempts to uninstall the malware, Ghimob will restart or shut down the device.