New version of Trojan can invade more than 150 banking applications; Brazil is the main target of criminals
Posted: Sun Jan 19, 2025 6:18 am
A new family of viruses is threatening banking apps in Brazil and other countries in Latin America, Europe and Africa. Called Ghimob, the Trojan is a new version of the Guildma Trojan, this time developed specifically for mobile apps. The new system can invade apps from banks, fintechs, stockbrokers and cryptocurrency brokers to steal victims' data and carry out illegal transactions.
Details of the new virus were released this Thursday (9) by Kaspersky, a company that develops solutions for online security. According to the statement, the threat is ready to be spread internationally, and Brazil would be one of the main distribution points of the malware, with more than 100 banking applications exposed in the country.
Ghimob is a RAT-type Trojan that uses remote access to control the smartphone. This allows criminals to carry out illegal financial transactions using the victim's own smartphone, avoiding detection of the fraud by security technologies normally used by financial institutions.
To carry out transactions, the Trojan manages to unlock the victim's cell phone, even if the individual has a pattern or password to lock it. The criminals then display a white or black screen or a full-screen website to hide their activity. This ruse also serves to trick the user into trying to unlock the cell phone with biometrics, handing their biometric information to the scammers.
According to Kaspersky, the virus is spreading in Brazil through phishing campaigns sent by email. The messages inform people that they have outstanding debts and provide links that supposedly reveal details of these debts — when the customer accesses the links, the Trojan is installed on their cell phone. At this point, the criminals are notified that the infection has been carried out and receive information such as the list of applications installed on the device that can be hacked and whether the user uses a security lock screen.
In Brazil, Ghimob can spy on more than 110 banking apps, according to Kaspersky. Abroad, the threat would be capable of invading 21 cryptocurrency apps and international payment systems in different countries, as well as mobile internet banking services in Germany, Portugal, Peru, Paraguay, Angola and Mozambique.
More than 110 Brazilian banking apps may be vulnerable to the new Trojan — Photo: Rodrigo Fernandes/TechTudo
“Ghimob is the first Brazilian mobile banking trojan ready to be internationalized and we believe that this will not take long, since it shares the same infrastructure as Guildma, a Windows trojan that already operates outside the country,” comments Kaspersky digital security specialist Fabio Assolini.
“We recommend that financial institutions monitor these threats closely to enhance their authentication processes and anti-fraud technologies with threat intelligence data. Understanding their actions is the most effective way to mitigate the risks of this new family of mobile RATs,” says the expert.