A new Android banking trojan is capitalising on the global pandemic by tricking users into handing over their card details.
Researchers at Kaspersky have disclosed that the threat actors behind the Ginp banking trojan are up to a new campaign related to COVID-19.
Ginp opens a web-page called Coronavirus Finder after receiving a special command. The interface displays a map detailing the number of people in the local area who have contracted COVID-19.
The page then requests a small sum in order to view the map, and as the message appears convincing many users end up entering their card data to make the transaction.
“As you may remember, Ginp is a very capable banking Trojan that relies on a lot of different lures to make users input their credit card data into forms, so that it can steal it. If you guessed this web-page is just another form aimed at stealing data — you’ve guessed it right!” explained Kaspersky malware analyst, Alexander Eremin.
The entered credit card data goes directly to the criminals: “They don’t even charge you this small sum (and why would they, now that they have all the funds from the card at their command?). And of course, they don’t show you any information about people infected with coronavirus near you, because they don’t have any,” Eremin added.
According to data from Kaspersky Security Network, the majority of users who have been targeted by Ginp are located in Spain.
Android users are recommended to only download apps from the official Google Play marketplace and not to give the Accessibility permission to apps that request it.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/