Home News Ginp Banking Trojan Lures Android Users Amidst COVID-19 Outbreak

Ginp Banking Trojan Lures Android Users Amidst COVID-19 Outbreak

Threat Alert! Attackers Use Malicious Email Accounts to Launch BEC Attacks

The outbreak of the novel Coronavirus (COVID-19) is giving rise to threats related to cybersecurity and data privacy. One such threat, according to Kaspersky researchers, is the Ginp Banking Trojan, which takes advantage of Android users. The infamous Trojan is known to steal the credit card credentials of potential victims.

By Pooja Tikekar, Feature Writer at CISO MAG

The Ginp Clickbait

  • Once the Ginp Banking Trojan is downloaded on the victims’ phone, the attacker sends a special command to the Trojan to open a web page titled “Coronavirus Finder.”
  • The Coronavirus Finder web page displays the number of people infected with the virus near the victim’s location.
  • It then asks them to pay 0.75 Euros to see the location of the virus-infected persons.
  • If the victims agree to pay, the Trojan redirects them to a payment page, where the payment details need to be entered.
  • Once the details are entered, the victims are neither charged, nor do they receive any information about the location of the infected persons. Instead, the credit card details of the victims are accessed.

Kaspersky’s Security Expert, Alexander Eremin, said, “Cybercriminals have, for months, attempted to take advantage of the coronavirus crisis by launching phishing attacks and creating coronavirus-themed malware. This is the first time, though, we’ve seen a banking Trojan attempting to capitalize on the pandemic. It’s alarming, particularly since Ginp is such an effective Trojan. We encourage Android users to be particularly vigilant at this time–pop-ups, unfamiliar web pages, and spontaneous messages about coronavirus should always be viewed skeptically.”

Mitigation Measures Against Ginp

Researchers at Kaspersky suggested precautionary measures to avoid exposure to the banking Trojan, which include:

  • Install or update Android apps only from Google Play.
  • Do not click on suspicious links and never give away sensitive information, such as logins, passwords or credit card information.
  • Do not give the Accessibility permission to apps that request it, other than anti-virus apps.

Not the First Time

The Ginp Trojan, which was first discovered in October 2019 by Kaspersky expert Tatyana Shishkova, had targeted Spanish banks as well as legitimate banking apps per bank. The Trojan exploited the Accessibility Service privilege to send messages and make calls, without the knowledge of the victims.


About the Author

Pooja Tikekar is a Feature Writer, and part of the editorial team at CISO MAG. She writes news and feature stories on cybersecurity trends.

More from the author.