Ginp was first recognized by Kaspersky labs in 2019 and was found to have all the capabilities of a standard Android banking trojan. Since a new version has surfaced, a new capability has been added as well. The trojan is now able to place fake text messages directly in the inbox of a regular SMS app. The operators of Ginp make the messages appear like they are coming from a trusted vendor to alert the victim of blocked account access or account changes. In order to fix the issue, the user is requested to open the app that is having the problem. When that is done, Ginp will overlay the app’s window and ask for credit or debit account credentials. If this is done, the victim would have given their credentials to the criminals. “Ginp is simple, but efficient—and effective. And the rate at which it evolves and acquires new capabilities is concerning. While this attack has so far only been seen in Spain, based on our previous experience, this Trojan could begin to emerge in other countries as well; Android users need to be on alert,” stated Alexander Eremin from Kaspersky.
Analyst Notes
It is safest to only download apps from the official Google Play Store. Although it is still possible to be infected via Google Play Store apps, there is much less of a chance of it happening compared to downloading them from untrusted sources. Apps typically should not request access to SMS; if they do, verify the reason why and determine if it is necessary or not. There are also anti-virus solutions available for Android which can be a good defense strategy when dealing with banking trojans and other Android malware.
Source: https://www.deccanchronicle.com/technology/in-other-news/170220/warning-infamous-ginp-banker-now-spurs-victims-to-lose-credentials-vi.html
