A new Android banking trojan is capitalising on the global pandemic by tricking users into handing over their card details.
Researchers at Kaspersky have disclosed that the threat actors behind the Ginp banking trojan are up to a new campaign related to COVID-19.
Ginp opens a web-page called Coronavirus Finder after receiving a special command. The interface displays a map detailing the number of people in the local area who have contracted COVID-19.
The page then requests a small sum in order to view the map, and as the message appears convincing many users end up entering their card data to make the transaction.
“As you may remember, Ginp is a very capable banking Trojan that relies on a lot of different lures to make users input their credit card data into forms, so that it can steal it. If you guessed this web-page is just another form aimed at stealing data — you’ve guessed it right!” explained Kaspersky malware analyst, Alexander Eremin.
The entered credit card data goes directly to the criminals: “They don’t even charge you this small sum (and why would they, now that they have all the funds from the card at their command?). And of course, they don’t show you any information about people infected with coronavirus near you, because they don’t have any,” Eremin added.
According to data from Kaspersky Security Network, the majority of users who have been targeted by Ginp are located in Spain.
Android users are recommended to only download apps from the official Google Play marketplace and not to give the Accessibility permission to apps that request it.
The post #Privacy: Researchers warn of new Android banking trojan appeared first on PrivSec Report.