A new malware in the form of a Trojan virus called “Ghimob” is plaguing third-party Android applications that mimic legitimate apps to spy and steal user data when downloaded and installed. The new smartphone virus can harvest user data to numerous Android applications, particularly on banks and cryptocurrency.
The Russian multinational cybersecurity company, Kaspersky Labs, recently discovered a new virus that aims to manipulate people and trick them into installing malware applications that would access the phone’s systems. The virus would then steal data from users, primarily targetting online banking details.
According to ZD Net, Kaspersky initially reported the virus and posted its details in Malpedia, a database that sorts and lists discoveries regarding certain viruses’ developments. Here, Kaspersky explains that the “Ghimob” malware is intended for Android’s systems and prey on more than 153 smartphone applications.
Ghimob is a trojan virus created by a specific group that created the Astaroth Windows malware, aiming to steal information related to banks and monetary connections. The security firm discovered that the new trojan hides on legitimate-looking Android applications on the same websites used by the Astaroth (Guildama) force.
Malicious entities are now getting clever and shift their target to Android users as the world transcends to heavy reliance on smartphones powered by Android and iOS. However, Android is one of the most open operating systems globally with numerous tweakable properties, which make it a suitable ground to engage malware spying and information theft.
The new Android malware masquerades itself to look like legitimate applications that users would download and use. This procedure is what “Trojan Horse” viruses use and take advantage of. These fake applications would initially ask to access user data when installing, which users would naturally allow.
Ghimob mostly pops up on the user’s browser as an advertisement that promises a better application experience for known and legitimate names such as Google, WhatsApp, or Adobe. The application it mimics is Google Defender, Adobe Flash Update, WhatsApp Updater, and several more.
The Astaroth also uses email messages, which mostly spams users with promotional advertisements of the “promising Android applications” to help them in their needs. The application mentioned above sounds fake or illegitimate to users who know their way around apps; however, it may be confusing for others.
The malware applications do not distribute under Google Play Store‘s platform, so several safeguards and authentic applications are not affected by the malicious group.
The trojan malware would ask users to allow its services upon installing the application, similar to the prompts whenever downloading from legit Play Store apps. When approved, the malware would launch fake log-ins, which will ask users to re-enter username, password, and other data on applications.
The gathered data would silently be sent to its servers for compilation, and that is how the group accesses private and sensitive information from users. Currently, Ghimob fixates itself in Brazil, Germany, Portugal, Peru, Paraguay, Angola, and Mozambique Android applications and victims.