Recently, Kaspersky Lab researchers discovered a malicious hacking activity that deceived users by disguising themselves as a coronavirus detector. Researchers say the campaign is spreading an Android Trojan banking called “Ginp.”
“After Ginp receives a special command, it opens a web-page called Coronavirus Finder. It has a simple interface that shows the number of people infected with the coronavirus near you and urges you to pay a small sum to see the location of those people.”
Due to the recent outbreak of coronavirus in Spain, Spain has become one of the most infected countries. The hacker group targeted Spain. Kaspersky researchers said that after users were infected by the malicious program, once they filled in credit card data, the system would upload the data directly to the criminals’ server. Based on the analysis of the research data, researchers called the program a new variant of the “flash-2” Ginn Trojan, and most of the victims are currently in Spain.
“Cybercriminals have, for months, attempted to take advantage of the coronavirus crisis by launching phishing attacks and creating coronavirus-themed malware. This is the first time, though, we’ve seen a banking Trojan attempting to capitalise on the pandemic. It’s alarming, particularly since Ginp is such an effective Trojan. We encourage Android users to be particularly vigilant at this time—pop-ups, unfamiliar webpages, and spontaneous messages about coronavirus should always be viewed skeptically,” says Alexander Eremin, a security expert at Kaspersky.
The researchers also made some suggestions for preventing the virus. First, download applications only from Google Play and prohibit users from installing applications from other sources. If you find something suspicious in the system, please don’t click and don’t fill any sensitive data such as login name, password, and payment credentials. At the same time, the most important thing is to use a reliable security solution.