Brazil’s malicious banking software stalks phone users around the world




Dubai: “The Gulf”

When Kaspersky researchers followed a campaign using Guildma banking malware on Windows machines, they found web addresses that distributed a ZIP file alongside another malicious file that appeared to be a download tool to install a new banking Trojan called Ghimob.
During infiltration, Ghimob establishes itself through the accessibility mode of the target smartphone (https://support.google.com/accessibility/android/answer/6006564?hl=en), where it can disable manual uninstallation, capture data, manipulate screen content and allow the parties behind it to fully control the device.
Experts say the developers of this prototype Trojan are focusing on remote access to smartphone users in Brazil, but have ambitious plans to expand worldwide as the campaign continues.
Guildma is one of the digital threats of the infamous Tetrade Cartel, which is known for its scalable sabotage activities in Latin America and other parts of the world and is actively developing new technologies and malware to target more victims.
The new Ghimob Trojan tricks its victims into installing the malicious file via an email stating that its recipient is required to pay off certain debts, and includes a link that takes them to what is supposed to be complete information about those debts. Once the Trojan is installed, the malware sends a message to its command-and-control server confirming that it has successfully infected the target’s mobile device. The message includes the phone model, an indication of whether screen lock is enabled, and a list of all installed apps that the malware might target. The Ghimob Trojan can spy on 153 mobile apps, mainly banking, fintech and cryptocurrency apps.
Ghimob’s functions make this Trojan a spy in the victim’s pocket. Developers can remotely access the infected device and perform fraud operations through it while avoiding device identification and bypassing the security measures and behavioral anti-fraud systems implemented by financial institutions. Ghimob can also save the device’s screen lock pattern so that it is able to unlock the device. Whenever scammers are ready to make a fraudulent transaction, they insert a fake black screen or open a website in full screen mode. While the user looks at this screen, the scammers perform the fraudulent transaction in the background after opening and logging into the desired financial app on the device.
Kaspersky statistics show that the Ghimob Trojan has targets in Paraguay, Peru, Portugal, Germany, Angola and Mozambique, in addition to Brazil.
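Because Ghimob depends on being granted accessibility mode, a defender can audit which apps hold an enabled accessibility service on a managed Android device. The script below is an added example, not part of the original article or of Kaspersky's research; the package names, sample outputs and allowlist are constructed assumptions.

```python
# Added example: audit which apps hold an enabled accessibility service.
# Inputs mirror the output of two adb commands (samples below are constructed):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3    (third-party packages)
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.debtnotice/com.example.debtnotice.core.HelperService"
)
SAMPLE_THIRD_PARTY = "package:com.example.debtnotice\npackage:com.example.notes\n"
ALLOWLIST = {"com.google.android.marvin.talkback"}  # assumption: approved by policy


def parse_enabled_services(raw):
    """Split the colon-separated setting value into (package, class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":       # 'null' is printed when the setting is unset
        return []
    services = []
    for entry in raw.split(":"):
        pkg, sep, cls = entry.strip().partition("/")
        if not sep or not pkg or not cls:
            continue                    # skip malformed entries
        if cls.startswith("."):         # short class names are relative to the package
            cls = pkg + cls
        services.append((pkg, cls))
    return services


def parse_packages(pm_output):
    """Extract package names from 'pm list packages' output lines."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}


def audit(raw_enabled, pm_third_party, allowlist):
    """Return one finding per enabled service whose package is not allowlisted."""
    third_party = parse_packages(pm_third_party)
    findings = []
    for pkg, cls in parse_enabled_services(raw_enabled):
        if pkg in allowlist:
            continue
        severity = "high" if pkg in third_party else "review"
        findings.append({"package": pkg, "service": cls, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ENABLED, SAMPLE_THIRD_PARTY, ALLOWLIST):
        print(f"[{f['severity']}] {f['package']} -> {f['service']}")
```

A "high" finding is a user-installed app with an enabled accessibility service that is not on the allowlist; "review" marks a non-allowlisted service from a package outside the third-party list.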
