TIMES24H – International Breaking NewsTIMES24H – International Breaking News
    Facebook Twitter Instagram
    TIMES24H – International Breaking NewsTIMES24H – International Breaking News
    • Hot!
      1. COVID-19
      2. Vietnam
      3. Asia
      4. World
      5. Video
      Featured

      VinFast’s fifth electric vehicle costs less than $30,000

      By Miley SelenaOctober 1, 20230
      Recent

      VinFast’s fifth electric vehicle costs less than $30,000

      October 1, 2023

      VinFast’s fifth electric vehicle costs less than $30,000

      October 1, 2023

      Vietjet offers 50% discount on Business and SkyBoss tickets

      October 1, 2023
    • Business

      POPS Reaches Huge Milestone with 10,000 Enrolled Students

      December 16, 2021

      UrBox raises $2.2 million in Pre-Series A

      December 16, 2021

      One Mount garners two prestigious awards as it celebrates two years of remarkable growth

      October 11, 2021

      IBM and Mercedes develop “Stolen Vehicle Help” for Mercedes me service

      October 5, 2021

      Porsche reports Q3 2021 U.S. retail sales

      October 2, 2021
    • Life
      1. Lifestyle
      2. Recipes
      3. Fashion
      4. View All

      華盛証券獨家加碼派送《夜校》首映門票 與張天賦見面齊觀影 | Media OutReach Newswire

      October 1, 2023

      VinFast officially launches VF 6 in Vietnam

      September 29, 2023

      Green SM reaches the six millionth ride

      September 29, 2023

      GSM officially launches electric scooter ride-hailing services in Ho Chi Minh City

      September 29, 2023

      Cooking tips for a smaller Thanksgiving celebration

      November 18, 2020

      Hanoi: A capital, and a kingdom of egg coffee shops

      November 16, 2020

      4 must-try recipes when you travel to Vietnam

      November 7, 2020

      Cutting-Edge Technology for Top Dentists

      December 24, 2021

      H&M faces boycott in Vietnam over “problematic map”

      April 7, 2021

      Ground-breaking French designer Pierre Cardin dies aged 98

      December 30, 2020

      #HealthGoals: Jessica Simpson shows off 100 lbs weight loss in Christmas pajamas

      December 27, 2020

      Plane captain dies during Miami-Chile flight

      August 17, 2023

      French paintings of Vietnamese life a century ago exhibited in HCMC

      August 17, 2023

      Judge says accused TV contest not rigged

      August 17, 2023

      I don’t know how to tell my Christian parents-in-law I want a divorce

      August 17, 2023
    • Sport
    • Tech
      1. Gadgets
      2. View All

      “Stupid windman” PC assembly experience based on Newegg ChatGPT

      March 29, 2023

      The value of the industrial cloud as an example of “the power of ecosystem, the power of expertise”

      March 29, 2023

      Machbase Releases Open Source Structured Time Series Database “Macbase Neo”

      March 28, 2023

      KISA, 2023 ‘Training to Build Elite Information Security Professionals’…”Double the Size of the Previous Year”

      March 28, 2023

      “Stupid windman” PC assembly experience based on Newegg ChatGPT

      March 29, 2023

      The value of the industrial cloud as an example of “the power of ecosystem, the power of expertise”

      March 29, 2023

      Machbase Releases Open Source Structured Time Series Database “Macbase Neo”

      March 28, 2023

      KISA, 2023 ‘Training to Build Elite Information Security Professionals’…”Double the Size of the Previous Year”

      March 28, 2023
    • PR Newswire
    Media Outreach Newswire
    TIMES24H – International Breaking NewsTIMES24H – International Breaking News
    Home»Breaking News»Ghimob: new banking malware from Tétrade threat actor targets mobile users worldwide
    Breaking News

    Ghimob: new banking malware from Tétrade threat actor targets mobile users worldwide

    Jack NguyenBy Jack NguyenNovember 13, 2020Updated:November 27, 2020No Comments4 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Ghimob has spread its effect to another nation.
    Share
    Facebook Twitter LinkedIn Pinterest Email

    When monitoring a Windows campaign from Guildma banking malware, Kaspersky researchers found URLs distributing not only a malicious. ZIP file for Windows, but also a malicious file that appeared to be a downloader to install Ghimob  – a new banking Trojan.

    Upon infiltrating Accessibility Mode, Ghimob can gain persistence and disable manual uninstallation, capture data, manipulate screen content, and provide full remote control to the actors behind it. According to experts, the developers of this very typical mobile Remote Access Trojan (RAT) are heavily focused on users in Brazil but have big plans to expand across the globe. The campaign is still active.

    Guildma, a threat actor part of the infamous Tétrade series, known for its scalable malicious activities both in Latin America and other parts of the world, has been working actively on new techniques, developing malware and targeting fresh victims. 

    Its new creation – the Ghimob banking Trojan – lures victims into installing the malicious file through an email which suggests that the person receiving it has some kind of debt. The email also includes a link for the victim to click on so they can find out more information. Once the RAT is installed, the malware sends a message about the successful infection to its server. The message includes the phone model, whether it has lock screen security, and a list of all installed apps that the malware can target. In total, Ghimob can spy on 153 mobile apps, mainly from banks, fintech companies, cryptocurrencies, and exchanges.

    When it comes to functions, Ghimob is a spy in the victim’s pocket. Developers can remotely access the infected device, completing fraud using the owner’s smartphone in order to avoid machine identification and security measures implemented by financial institutions and all of their anti-fraud behavioral systems. Even if the user uses a lock screen pattern, Ghimob is able to record it and replay it to unlock the device. When the developers are ready to perform a fraudulent transaction, they can insert a black or black screen overlay or open some websites in full screen. Then, while the user looks at that screen, the developers perform the fraudulent transaction in the background, using the already opened or logged-in financial app running on the device.

    Ghimob has spread its effect to another nation.

    Kaspersky statistics show that apart from Brazil, Ghimob targets are located in Paraguay, Peru, Portugal, Germany, Angola, and Mozambique.

    “Latin American cybercriminals’ desire for a mobile banking Trojan with a worldwide reach has a long history. We have already seen Basbanke, then BRata, but both were heavily focused on the Brazilian market. In fact, Ghimob is the first Brazilian mobile banking Trojan ready for international expansion. We believe this new campaign could be related to the Guildma threat actor, responsible for a well-known Brazilian banking Trojan, due to several reasons, but mainly because they share the same infrastructure. We recommend that financial institutions watch these threats closely, while improving their authentication processes, boosting anti-fraud technology and threat intelligence data, and trying to understand and mitigate all risks of this new mobile RAT family,” comments Fabio Assolini, security expert at Kaspersky.

    Kaspersky products detect the new family as Trojan-Banker.AndroidOS.Ghimob.

    To stay safe from RAT and banking threats, Kaspersky recommends taking the following security measures:

    • Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal grants access to the company’s TI, providing cyberattack data and insights gathered by Kaspersky for more than 20 years.
    • Educate your customers on the possible tricks that malefactors may use. Regularly send them information on how to identify fraud and behave in this situation.
    • Implement an anti-fraud solution, such as Kaspersky Fraud Prevention. It can protect the mobile channel from occurrences when attackers use a remote control to perform a fraudulent transaction. For protection, the solution can both detect RAT malware on the device and identify signs of remote control via legal software.
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    VinFast’s fifth electric vehicle costs less than $30,000

    October 1, 2023

    VinFast’s fifth electric vehicle costs less than $30,000

    October 1, 2023

    Vietjet offers 50% discount on Business and SkyBoss tickets

    October 1, 2023

    Leave A Reply Cancel Reply

    Latest News

    VinFast’s fifth electric vehicle costs less than $30,000

    October 1, 2023

    VinFast’s fifth electric vehicle costs less than $30,000

    October 1, 2023

    HOHEM Unveils Cutting-Edge Stabilizers, Earns Top 10 Recognition at KITAS 2023

    October 1, 2023

    華盛証券獨家加碼派送《夜校》首映門票 與張天賦見面齊觀影 | Media OutReach Newswire

    October 1, 2023
    DMCA.com Protection Status
    Facebook Twitter Instagram Pinterest
    © 2023 TIMES24H. Regn. No. 0316487598. All rights reserved

    Type above and press Enter to search. Press Esc to cancel.