A malware is sending fake SMS to steal your banking details – Here’s how to protect yourself
Feb 18, 2020, 14:15 IST
Cybersecurity firm Kaspersky has detected a new version of the Ginp banking Trojan, and it is more powerful than it was before. The malware was first detected in October last year and now, a new version has been spotted.
What is a banking trojan?
A banking trojan is a program that tries to obtain confidential information about users and clients using banking and payment systems. The trojan often intercept OTPs from banks to make a payment without the victim noticing.
What is Ginp?
Ginp is a banking trojan and when it was first spotted, it used to send the victim’s contacts to its creators, stole card data and intercepted text messages. Now, it has started sending users messages and push notifications to get the user to open banking apps. The notifications are designed in a way that the user expects to see a form for entering card details.
It then overlays the app with a phishing window to steal user data. For this, it uses the phone’s accessibility functions that allows it to see the screen and tap buttons or links.
As per the report, in one such instance, a user was sent a notification from the Play Store. The notification said – “We are missing your credit or debit card details. Please use the Play Store app to add them securely.”
When the user clicked on the notification, a form to enter the card details was shown to him. However, this form was not sent by Google Play and any information entered here would directly go to the malware creators.
Similarly, fake SMSes from banks are also being sent to users, warning them that suspicious activity has been detected on their accounts. The trojan is able to create fake SMS with any text from any sender.
How to protect yourself from banking trojans?
New Android flaw Bluefrag exploits your phone's Bluetooth to send malware
Scammers are now using WhatsApp to steal money - here’s how you can protect yourself
New malware on the rampage might target Jio users — and uninstalling it won’t help
Advertisement
What is a banking trojan?
A banking trojan is a program that tries to obtain confidential information about users and clients using banking and payment systems. The trojan often intercept OTPs from banks to make a payment without the victim noticing.
What is Ginp?
Ginp is a banking trojan and when it was first spotted, it used to send the victim’s contacts to its creators, stole card data and intercepted text messages. Now, it has started sending users messages and push notifications to get the user to open banking apps. The notifications are designed in a way that the user expects to see a form for entering card details.
It then overlays the app with a phishing window to steal user data. For this, it uses the phone’s accessibility functions that allows it to see the screen and tap buttons or links.
Advertisement
When the user clicked on the notification, a form to enter the card details was shown to him. However, this form was not sent by Google Play and any information entered here would directly go to the malware creators.
Similarly, fake SMSes from banks are also being sent to users, warning them that suspicious activity has been detected on their accounts. The trojan is able to create fake SMS with any text from any sender.
How to protect yourself from banking trojans?
- Do not click on links in text messages if the message seems suspicious to you.
- Download apps only from the Play Store and do not install apps from unknown sources.
- Do not give accessibility permission to any app that does not require it.
- Be careful while giving apps the permission to access SMS.
- Do not click on suspicious push notifications.
New Android flaw Bluefrag exploits your phone's Bluetooth to send malware
Scammers are now using WhatsApp to steal money - here’s how you can protect yourself
New malware on the rampage might target Jio users — and uninstalling it won’t help