Ghimob Malware Danger Is Able To Spy On 153 Android Apps
Watch out for the dangers of Ghimob Malware - A security researcher discovers a Trojan virus that can not only spy on but also steal user data, especially banking data.
The trojan is named Ghimob, which is believed to have been created by the same group that previously created malware in Windows namely Astaroth. As for the researchers who discovered the new type of smartphone virus it is a team of researchers from Kaspersky.
Kaspersky explained that a new Trojan virus named Ghimob infiltrated a malware package in Android applications on sites and servers that had previously been Astaroth's lair. So it can be sure that the apps on the Play Store are still safe from the malware.
Without going through the Play Store, the perpetrator sends the malware via email with a call to download the Android app from their site or server. The malware is also placed on malicious websites, usually on porn sites or gaming sites.
Ghimob Malware Can Spy On 153 Android Apps
Ghimob malware compromised apps mimic apps with well-known names like Google Defender, Google Docs, Whatsapp Updater to Flash Update.
If the user is so careless as to allow access to the app, then the app can then break into the access-giving service that is on the phone.
If that's the case, it will mimic the entire app installed on the user's device, by providing a fake login trap page. When the user logs in, the id and password will be stolen.
So far, the report is known to have occurred on the applications of a number of banks in Brazil. But Kaspersky's latest report says that Ghimob is targeting bank applications in Germany, Portugal, Peru, Paraguay, Angola, and Mozambique.
Ghimob is also known to target cryptocurrency applications. It seems that Ghimob also understands very well the trend of Android users who are currently being widely used as cryptocurrency trading tools.
Once the user's important data is taken over by the hackers behind Ghimob, they will try to drain the account and make illegal transactions on the victim's account.
Kaspersky even noticed that Ghimob malware was being popularly traded among underground, especially hackers from Brazil.