Security researchers are warning of a new Android banking Trojan that tricks users into handing over their card details in return for information on who’s infected with Covid-19 in their local area.
The Ginp Trojan is not entirely new; Kaspersky has observed campaigns before using the malware to trick users mainly in Spain into handing over their financial details. However, the naming convention of the new version hints that it’s now ready to go global.
This latest iteration opens a web page on the victim’s Android device after receiving a special command. This ‘Coronavirus Finder’ purports to show a map view detailing the number of people in the local area that have contracted the Covid-19 virus.
Using tried-and-tested social engineering techniques, it states how many people there are infected near the user and requests a small charge, just €0.75, to view the map.
“As you may remember, Ginp is a very capable banking Trojan that relies on a lot of different lures to make users input their credit card data into forms, so that it can steal it. If you guessed this web-page is just another form aimed at stealing data — you’ve guessed it right,” explained Kaspersky malware analyst, Alexander Eremin.
“Once you fill in your credit card data, it goes directly to the criminals … and nothing else happens. They don’t even charge you this small sum (and why would they, now that they have all the funds from the card at their command?). And of course, they don’t show you any information about people infected with Coronavirus near you, because they don’t have any.”
To keep the Trojan at bay, Eremin urged Android users to only download apps from the official Google Play marketplace, to use AV on their handsets and to not grant the accessibility permission to any apps that request it, other than AV apps.