Hundreds of Android applications are being targeted by Ghimob banking trojan

A Brazilian threat group has launched the Ghimob banking trojan in multiple countries.

Researchers have reported that the banking trojan, named Ghimob, has been deployed by a Brazilian group dubbed Guildma. It is a Remote Access Trojan (RAT) that invades Android mobile devices through email disguised as being related to debt payment.

The researchers have claimed that the criminals are trying to expand their operations by infecting mobile devices in Europe, Latin America, and possibly the USA with spyware. However, it is worth noting that the trojan is being hosted on third-party domains and not on the Google Play Store.

Guildma uses phishing emails to distribute the malware, luring unsuspecting users into clicking on malicious URLs that download the Ghimob APK installer. Once installed on the Android device, the trojan works similarly to any other mobile RAT.

Once installed, the trojan informs the attacker about its success and shares various sensitive information about the targeted device. The shared information includes a list of installed applications, the security PIN, and the phone model.

Ghimob gives attackers full remote control over the device, letting them take screenshots, record the text the user types in mobile apps or online fields, and use the microphone. It exploits the device’s accessibility features to ensure persistence, capture keystrokes, disable manual uninstallation, provide full control of the device, and manipulate screen content.

NPAV recommends that users always use trusted app stores for downloading the applications they need. Any third-party store with improper policies can have malicious apps in it. These apps, when downloaded, can harm user devices and steal from them.

Install NPAV on your devices to keep them protected from all kinds of cyberattacks. Use NPAV and join us on a mission to secure the cyber world.
