Warning Ghimob new banking malware, mobile users cannot remove

Users need to be very wary of a new type of banking malware called Ghimob that is attacking mobile users globally. 

Kaspersky security has issued a warning about a new type of banking malware - called Ghimob - that is attacking mobile users around the globe.

According to Kaspersky, Guildma is a security threat and is also part of the infamous Tétrade line of malware, known for its destructive activities that have the potential to expand in both Latin America and many countries around the world. They have been very active in the application of new techniques, and developing malware to target new victims.

As a new malware, Trojan Ghimob attacked the banking industry and tricked its victims into installing malicious files through an email message saying that the recipient was in debt.

The email also contains a link to trick the victim into clicking into for more information. Once installed, the malware sends a successful infection message to the server.

"Messages include phone number, screen security lock info and a list of installed apps that may be hacked. Overall, Ghimob can spy on 153 mobile apps, mostly are mobile applications from banks, cryptocurrencies and the stock market "- Kaspersky information security expert.

Functionally, Ghimob acts as a spy in the pocket of the victim. Hackers who develop malicious code can easily access infected devices. They commit fraud using the victim's smartphone to avoid device identification and security measures that financial institutions have in place and evade all systems. behavior-based fraud prevention.

Even when the user uses a lock screen, Ghimob can still record and playback to unlock the device. When the hackers develop malicious code ready to commit a fraudulent transaction, they can insert a black screen or open several websites in full screen mode. Then, when the user locks in the screen, the hackers develop malicious code that conduct fraudulent transactions in the background, through financial applications running on the device.

Kaspersky's statistics show that, in addition to Brazil, Ghimob's attack targets are in Paraguay, Peru, Portugal, Germany, Angola and Mozambique and are expanding globally.

Fabio Assolini, Kaspersky's security expert said: 'Ghimob is Brazil's first mobile banking Trojan ready to expand internationally. We think this new campaign may involve Guildma hacker group, responsible for Brazil's famous Trojan malware, especially because they share the same infrastructure.

Kaspersky's security expert recommends that financial institutions closely monitor these security threats, while improving authentication processes, enhancing anti-fraud technology, and data and information. about the security threat and learn about and minimize all the risks posed by this malicious code.

Lesley Montoya

Update 13 November 2020