These messages appear under the guise of reputable vendors informing users about an undesired event.
Kaspersky researchers identified a new version of the Ginp banking Trojan, first discovered by the company’s analyst in 2019. Apart from the standard functions of Android-focused bankers – capacities to intercept and send SMS, perform window overlays – the new resurfaced version involves a highly unconventional function to insert fake text messages into the Inbox of a regular SMS app.
These messages appear under the guise of reputable vendors informing users about an undesired event (blocked account access, for example). To prevent this, the user is requested to open the application. Once victims do that, the Trojan overlays the original window and asks them to input the credentials for a credit card or a bank account. As a result, their payment details are handed over to cybercriminals.
“Ginp is simple, but efficient—and effective. And the rate at which it evolves and acquires new capabilities is concerning. While this attack has so far only been seen in Spain, based on our previous experience, this Trojan could begin to emerge in other countries as well; Android users need to be on alert,” says Alexander Eremin, Security expert at Kaspersky.
Kaspersky products successfully detect and block the threat.
To reduce the risk of being exposed to Ginp or other banking Trojans, Kaspersky experts recommend: