Posted on November 28, 2019 at 4:43 PM
Now known by the name Ginp, this is one Trojan that is giving many security experts sleepless nights. It has proven to be an elusive piece of malware that keeps evolving. Experts at ThreatFabric have been tracking and observing this new threat.
The Amsterdam-based cybersecurity firm has described it as an interesting, novel strain of banking malware. Ginp is said to be distributed via Adobe Flash Player.
Trouble on the Horizon
The malware was first noticed in late October, when Tatyana Shishkova, an Android malware analyst at Kaspersky, detected it.
At the moment, the primary targets are believed to be users in Spain and the United Kingdom. Analysts think the Trojan came into existence in the middle of June of this year. They added that it is believed not to be fully developed yet and is still being worked on by whoever designed it.
The analysts also said that cybercriminals have launched no fewer than five different variants of Ginp in the past five months alone. This is said to reflect how intensely the criminals are working on the Trojan and pushing their agenda.
The security experts at ThreatFabric are of the opinion that Ginp is in a different category and should be handled as such. This is because the Trojan's codebase was designed entirely from the ground up, and that is not all: its designers are constantly improving it through regular updates.
Of late, it has been clearly observed that the targets are predominantly banks based in Spain. Some of the code used in Ginp was taken from another notorious Trojan, known as Anubis.
The experts also stated that the code of the two Trojans has many features in common. However, that is not to say that Ginp is a direct replica of Anubis.
The conclusion that can be drawn is that Ginp was inspired by the Anubis malware. This explains why Ginp has some lines of code that are very similar to those used in Anubis. The two also share many components.
As for how it works, Ginp infiltrates the targeted device by pretending to be a genuine application. As soon as it gains access to the device, it conceals its application icon and then demands the Accessibility Service permission.
Once the user grants that permission, the malware immediately gains dynamic permissions. From that moment onwards, it is free to wreak as much havoc as possible.