The infamous Ginp banking Trojan, which acquired the ability to insert fake text messages into the inbox of a regular SMS app back in March, has now acquired a new functionality — one that takes advantage of the recent pandemic.
Once downloaded on a victim’s phone, the Ginp Trojan can receive a command from the attacker to open a webpage titled “Coronavirus Finder”, which claims there are people nearby infected with the virus.
In order to learn where these individuals are, the victim is asked to pay 0.75 euros on a payments page set up by the hacker to capture the user's credit card details.
Alexander Eremin, security expert at Kaspersky, says: “Cybercriminals have, for months, attempted to take advantage of the coronavirus crisis by launching phishing attacks and creating coronavirus-themed malware. This is the first time, though, we’ve seen a banking Trojan attempting to capitalise on the pandemic. It’s alarming, particularly since Ginp is such an effective Trojan. We encourage Android users to be particularly vigilant at this time—pop-ups, unfamiliar webpages, and spontaneous messages about coronavirus should always be viewed skeptically."
According to UK Action Fraud’s figures for March 2020, coronavirus-related fraud reports, from app infections and phishing e-mails, have increased by 400%, with victims’ losses totally nearly £1 million.