New Brazilian malware targets over 150 financial apps

Ghimob’s developers can remotely access the infected device

Kaspersky


Kaspersky researchers found URLs distributing a malicious file that appeared to be a downloader to install Ghimob – a new banking Trojan. Ghimob can spy on 153 mobile apps, mainly from banks, fintech companies, cryptocurrencies, and exchanges.

The report reveals that Ghimob can gain persistence and disable manual uninstallation. It can also capture data, manipulate screen content, and provide full remote control to the actors behind it.

According to experts, the developers of this Remote Access Trojan (RAT) are heavily focused on users in Brazil but intend to expand across the globe.

The Ghimob banking Trojan lures victims into installing the malicious file through an email claiming that the recipient has some kind of debt. The email also includes a link for the victim to click on.

Even if the user uses a lock screen pattern, Ghimob is able to record it and replay it to unlock the device.

Latin American cybercriminals’ desire for a mobile banking Trojan with a worldwide reach has a long history. We have already seen Basbanke, then BRata, but both were heavily focused on the Brazilian market. In fact, Ghimob is the first Brazilian mobile banking Trojan ready for international expansion. We believe this new campaign could be related to the Guildma threat actor, responsible for a well-known Brazilian banking Trojan, due to several reasons, but mainly because they share the same infrastructure. We recommend that financial institutions watch these threats closely while improving their authentication processes, boosting anti-fraud technology and threat intelligence data, and trying to understand and mitigate all risks of this new mobile RAT family.
Fabio Assolini, security expert at Kaspersky
