A new strain of malware, called ‘Ghimob,’ first unleashed in Brazil, is making its way around the internet, infecting up to 153 Android apps…
Security experts at Kaspersky have published a report detailing a new Android banking trojan. The malicious software package can not only spy on legitimate mobile applications but also steal sensitive data from them. Security researchers believe the group of hackers who developed the Astaroth (Guildma) Windows malware is the same one behind the new threat, Ghimob.
New ‘Ghimob’ Malware Steals Data from 153 Android Apps
Kaspersky warns the new Android trojan is being packaged within other malicious apps. These appear on sites and servers previously used during the Astaroth (Guildma) Windows malware operation. However, Ghimob has never been available on the official Google Play Store. Instead, it relies on group emails and nefarious sites that redirect potential victims to websites promoting infected Android apps.
In order to fool unsuspecting consumers, these apps imitate official mobile software programs. Names include such familiar brands as Google Defender, Google Docs, WhatsApp Updater, and Flash Update. Anyone tricked into installing the infected apps gives the malware the permissions it needs to search for as many as 153 genuine apps. Then, it displays fake login pages to steal victims’ credentials. Thereafter, the malicious code can easily access victims’ accounts and initiate illegal transactions.