As soon as it is transferred to the victim’s Android mobile phone, the “Ginp” banking trojan can receive an order from the hacker to open a web page called “Coronavirus Finder”, which ensures that there are people close to the user infected with the virus.
To find out where these people are, victims are asked to pay 75 cents to reveal the information. If the user agrees, he is immediately transferred to a payment page, where he has to enter his credit card details.
However, once the user enters the data, the amount ends up not being collected, nor does the victim receive any information about the “infected people”. Instead, it is the credit card details that end up in the hands of hackers.
People infected with coronavirus are all around you, says Ginp Trojan
Although in recent times the targets have been mostly individuals residing in Spain – 83% of the victims are Spanish – it appears that hackers are planning to attack other countries.
The hackers try to take advantage of the crisis caused by the coronavirus. They are launching phishing attacks and creating malware on this theme. However, this is the first time that we have seen a banking trojan take advantage of the pandemic. It is alarming, especially since “Ginp” is a very effective Trojan.
In this way, Kaspersky security experts advise users of Android devices to be particularly attentive at this time: pop-ups, unknown web pages and spontaneous messages about the coronavirus must always be viewed with skepticism.
Staying safe from Ginp banking Trojan
How to stay safe from Ginp Banking Trojan:
- Download apps only from Google Play (and disable the option to install apps from other sources).
- Stay skeptical. If something seems suspicious – don’t click. And, most importantly, don’t give any sensitive data such as logins, passwords and payment credentials away.
- Do not give the Accessibility permission to apps that request it, other than anti-virus apps.
- Use a reliable security solution. For example, Kaspersky Internet Security for Android is quite aware of Ginp and detects it as Trojan-Banker.AndroidOS.Ginp.
For staying safe from the coronavirus, we suggest that you follow the WHO’s guidelines.