apk.ginp

Ginp


Ginp is mobile banking malware targeting Android devices that was discovered by Kaspersky. The malware is able to steal both user credentials and credit card numbers by implementing overlay attacks. Overlay targets include, for example, the default SMS application. What makes Ginp a remarkable family is how its operators managed to keep it undetected over time, even as it received version upgrades over many years. According to ThreatFabric, Ginp has the following features:

Overlaying: Dynamic (local overlays obtained from the C2)
SMS harvesting: SMS listing
SMS harvesting: SMS forwarding
Contact list collection
Application listing
Overlaying: Targets list update
SMS: Sending
Calls: Call forwarding
C2 Resilience: Auxiliary C2 list
Self-protection: Hiding the App icon
Self-protection: Preventing removal
Self-protection: Emulation-detection.

References
2022-09-22, Github (muha2xmad), Muhammad Hasan Ali: Technical analysis of Ginp android malware [Ginp]
2020-06-18, IBM Security, Pavel Asinovsky: Ginp Malware Operations are on the Rise, Aiming to Expand in Turkey [Ginp]
2020-06-08, Twitter (@ESETresearch), ESET Research: Tweet on Ginp android banking trojan targeting Government of Spain, Ministry of Health [Ginp]
2020-04-19, Youtube (Lukas Stefanko), Lukáš Štefanko: Android banking Trojan Ginp | Malware demo | infected device | targets Coronavirus trackers [Ginp]
2020-03-24, Kaspersky Labs, Alexander Eremin: People infected with coronavirus are all around you, says Ginp Trojan [Ginp]
2020-02-01, ThreatFabric, ThreatFabric: 2020 - Year of the RAT [Anubis, Cerberus, Ginp, Gustuff, Hydra]
2019-11-01, ThreatFabric, ThreatFabric: Ginp - A malware patchwork borrowing from Anubis [Ginp]

There is no Yara-Signature yet.