SYMBOLCOMMON_NAMEaka. SYNONYMS
apk.ginp (Back to overview)

Ginp


Ginp is a mobile banking software targeting Android devices that was discovered by Kaspersky. The malware is able to steal both user credentials and credit cards numbers by implementing overlay attacks. For this, overlay targets are for example the default SMS application. What makes Ginp a remarkable family is how its operators managed to have it remain undetected over time even and it receiving version upgrades over many years. According to ThreatFabric, Ginp has the following features:

Overlaying: Dynamic (local overlays obtained from the C2)
SMS harvesting: SMS listing
SMS harvesting: SMS forwarding
Contact list collection
Application listing
Overlaying: Targets list update
SMS: Sending
Calls: Call forwarding
C2 Resilience: Auxiliary C2 list
Self-protection: Hiding the App icon
Self-protection: Preventing removal
Self-protection: Emulation-detection.

References
2020-06-18IBM SecurityPavel Asinovsky
@online{asinovsky:20200618:ginp:724e3ef, author = {Pavel Asinovsky}, title = {{Ginp Malware Operations are on the Rise, Aiming to Expand in Turkey}}, date = {2020-06-18}, organization = {IBM Security}, url = {https://securityintelligence.com/posts/ginp-malware-operations-rising-expansions-turkey/}, language = {English}, urldate = {2020-06-19} } Ginp Malware Operations are on the Rise, Aiming to Expand in Turkey
Ginp
2020-06-08Twitter (@ESETresearch)ESET Research
@online{research:20200608:ginp:5379e4f, author = {ESET Research}, title = {{Tweet on Ginp android banking trojan targeting Government of Spain, Ministry of Health}}, date = {2020-06-08}, organization = {Twitter (@ESETresearch)}, url = {https://twitter.com/ESETresearch/status/1269945115738542080}, language = {English}, urldate = {2020-06-11} } Tweet on Ginp android banking trojan targeting Government of Spain, Ministry of Health
Ginp
2020-04-19Youtube (Lukas Stefanko)Lukáš Štefanko
@online{tefanko:20200419:android:7d10bbc, author = {Lukáš Štefanko}, title = {{Android banking Trojan Ginp | Malware demo | infected device | targets Coronavirus trackers}}, date = {2020-04-19}, organization = {Youtube (Lukas Stefanko)}, url = {https://www.youtube.com/watch?v=WeL_xSryj8E}, language = {English}, urldate = {2020-05-05} } Android banking Trojan Ginp | Malware demo | infected device | targets Coronavirus trackers
Ginp
2020-03-24Kaspersky LabsAlexander Eremin
@online{eremin:20200324:people:752ed0f, author = {Alexander Eremin}, title = {{People infected with coronavirus are all around you, says Ginp Trojan}}, date = {2020-03-24}, organization = {Kaspersky Labs}, url = {https://www.kaspersky.com/blog/ginp-trojan-coronavirus-finder/34338/}, language = {English}, urldate = {2020-03-26} } People infected with coronavirus are all around you, says Ginp Trojan
Ginp
2020-02ThreatFabricThreatFabric
@online{threatfabric:202002:2020:b875962, author = {ThreatFabric}, title = {{2020 - Year of the RAT}}, date = {2020-02}, organization = {ThreatFabric}, url = {https://www.threatfabric.com/blogs/2020_year_of_the_rat.html}, language = {English}, urldate = {2020-02-27} } 2020 - Year of the RAT
Anubis Cerberus Ginp Gustuff Hydra
2019-11ThreatFabricThreatFabric
@online{threatfabric:201911:ginp:2bc223a, author = {ThreatFabric}, title = {{Ginp - A malware patchwork borrowing from Anubis}}, date = {2019-11}, organization = {ThreatFabric}, url = {https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html}, language = {English}, urldate = {2020-01-13} } Ginp - A malware patchwork borrowing from Anubis
Ginp

There is no Yara-Signature yet.