Cyber security news for all

More

    Ghimob trojan attacks mobile phone users

    The new trojan Ghimob tries to lure victims into installing the malware documents stating that they are in debt. The documents contain a link that supposedly leads to further data. As soon as the trojan is installed, it sends a message to the server about the successful hack. This contains data about the phone, whether it has a lock screen and installed applications that could be hacked.

    Ghimob Can Spy On 153 Different Apps

    These apps are mainly from companies and stock exchanges. Ghimob is a spy that his victim carries around with him all the time. The hackers can remotely access the device and carry out fraudulent information. By using the victim’s phone, they can avoid institutions and their networks from recognizing them, identifying them and taking security measures. Even if the user uses a lock screen pattern, Ghimob is able to install and play it to unlock the device.

    Ghimob
    Same link, different files: ZIP for Windows, APK for Android

    When conducting a transaction, the hackers could display a screen overlay or open some pages. The malware is carried out in the background while the users are looking at their screen. Finance programs that are already open or logged in and that are installed on the device are used.

    The desire of the cyber attackers for a banking malware with worldwide reach has a long history. Security researchers have already identified some hacker groups, who were heavily geared towards the Brazilian companies. In fact, Ghimob is the first mobile trojan in Brazil ready for global expansion. Experts think this new campaign can be linked to the threat for a well known banking malware. This is particularly indicated by the use of the same infrastructure.

    Ghimob detections: Brazil for now, but ready to expand abroad

    To protect devices from such malicious threats, an endpoint with device features should be used. This ensures that only trusted applications from an approved whitelist can be installed on the devices that have access to company information.

    Recent Articles

    Related Stories