Alert for virus stealing financial data on Android devices





Watch out! Several technology sites have warned about the worldwide expansion plans of a piece of malicious software (malware) that belongs to the so-called banking Trojans, whose goal is to steal the financial information of mobile device users and, subsequently, their money.

It is known as Ghimob and is "linked" to generations of Guildma Trojans, which have been threatening cybersecurity in several Latin American countries since 2015, when they were first activated, according to the specialized portal "iT Digital Security".

However, Guildma did not receive the attention of much of the public until early 2019, when thousands of cyber victims were reported, mostly from Brazil.


At the time, the cybersecurity news portal “WeLiveSecurity” described Guildma as “the most powerful and advanced banking trojan in Latin America”.

In principle, this family of viruses affects only Windows operating systems, spreading through unwanted e-mails (“spam”) with attached files that, when downloaded, “open the door” to the Trojan.


As clarified by “WeLiveSecurity”, the malicious files were accompanied by warning messages or requests for help, and could even be disguised as internal bank communications.

“Can you tell me what these photos mean? I am attentive to your explanation” was the example the same portal gave of one of the formats most used by cybercriminals. Sometimes people download the alleged images and the Trojan takes hold of their devices.

Ghimob, therefore, could be defined as a “mutation” or version of Guildma, but with the ability to affect Android systems.

Dissecting Ghimob


Cybercriminals use malware tools to take control of our devices and then activate our camera, microphone and see what we type.

One of the features of Ghimob most cited by specialized portals is that it can hide its real management server, making it difficult to detect.

This Trojan reaches devices through rogue application installers that are hosted on pages managed by Guildma and are only accessible from the browser. This means that Ghimob is not on Google Play, so downloading official banking apps from that store poses no risk in this case.

In addition, the Secure List company warns that the “modus operandi” of the malicious online pages includes offers of links to answer questions.


“The app disguises itself as Google Defender, Google Docs, WhatsApp Updater, etc.” when the malicious file is downloaded; it is an .APK, the file type used to install applications on Android.

Once inside, the virus prevents you from shutting down or restarting your device if you try to remove the Trojan manually. It is also able to record the security pattern and intervene in banking operations without the user’s consent.

On the extent of its “tentacles”, Secure List adds that Ghimob has the ability to spy on 153 mobile applications “mainly from banks, fintechs, cryptocurrencies and investment apps”: 112 of them Brazilian and the rest belonging to payment systems and banks in Germany, Portugal, Peru, Paraguay, Angola and Mozambique.


It also plans to expand to other countries, such as China, India and the United States, but for now no one is excluded.

Cybersecurity recommendations


Protection against viruses can be set up on both computers and mobile phones.

Although no Ghimob victims have been documented in Colombia so far, experts from the cited sources point out that the best prevention is to be wary of any suspicious web page that offers application downloads.

If an app is available on Google Play, it is best to download it from there and not from a web page.


Similarly, Secure List asks financial institutions to “be vigilant against these threats, to improve their authentication processes, their anti-fraud technologies and their threat data intelligence”.

Finally, do not rule out the use of paid security tools that can detect Remote Access Trojans (RATs).
