Ghimob’s developers can remotely access the infected device
Kaspersky researchers found URLs distributing a malicious file that appeared to be a downloader to install Ghimob – a new banking Trojan. Ghimob can spy on 153 mobile apps, mainly from banks, fintech companies, cryptocurrencies, and exchanges.
The report reveals that Ghimob can gain persistence and disable manual uninstallation. It can also capture data, manipulate screen content, and provide full remote control to the actors behind it.
According to experts, the developers of this Remote Access Trojan (RAT) are heavily focused on users in Brazil but intend to expand across the globe.
The Ghimob banking Trojan lures victims into installing the malicious file through an email which informs that the person receiving it has some kind of debt. The email also includes a link for the victim to click on.
Even if the user uses a lock screen pattern, Ghimob is able to record it and replay it to unlock the device.
We’ve reported that the most widespread projects in IT were related to security and online data protection, governance, risk, and multifactor authentication.