New 'Ghimob' malware can spy on 153 Android mobile applications

silversurfer

Security researchers have discovered a new Android banking trojan that can spy on and steal data from 153 Android applications.

Named Ghimob, the trojan is believed to have been developed by the same group behind the Astaroth (Guildma) Windows malware, according to a report published on Monday by security firm Kaspersky.

Kaspersky says the new Android trojan has been offered for download packed inside malicious Android apps on sites and servers previously used by the Astaroth (Guildma) operation.

Distribution was never carried out via the official Play Store. Instead, the Ghimob group used emails or malicious sites to redirect users to websites promoting Android apps.

These apps mimicked official apps and brands, with names such as Google Defender, Google Docs, WhatsApp Updater, or Flash Update. If users were careless enough to install the apps despite all the warnings shown on their devices, the malicious apps would request access to the Accessibility service as a final step in the infection process.

If this was granted, the apps would search the infected phone for a list of 153 apps for which they would show fake login pages in an attempt to steal the user's credentials.

Most of the targeted apps were for Brazilian banks, but in recently updated versions, Kaspersky said Ghimob also expanded its capabilities to start targeting banks in Germany (five apps), Portugal (three apps), Peru (two apps), Paraguay (two apps), Angola and Mozambique (one app per country).

Full report by researchers from Kaspersky:
 
