This new mobile banking Trojan works as default SMS app to steal texts and payment card details, Android users beware

Tatyana Shishkova, an Android malware analyst spotted this mobile banking Trojan, names as Ginp. This app has been passed through several updates and iterations in the past five months to make it capable of what it does.

Ginp was designed to target the users of Spain and the U.K. disguised as Adobe Flash Player. After this, the app took the shape of an SMS app that sets by default and steals all the texts from the user’s phone. All the incoming and outgoing messages are sent to a command and control center. Recently, the app started moving to the payment card details.

At first, it was called the “Google Play Verificator” app. The Trojan banking features started to appear in the app after its second update as the Adobe Flash Player. After it, the SMS app was introduced, where it sets by default.

Once you have set this app as default for SMS, there is no way that you can control what’s next. The app will grant itself several permissions without acknowledging the user. Among which, making calls and sending texts is number one.

In the beginning, Ginp was not a banking Trojan; however, it was made into one to get user payment card credentials through several social and utility apps.

The third generation of the Ginp app was only focused on banking apps. It also consisted of a long list of Spanish banks including Kutxabank, Caixa, EVO Banco and more.

You must be thinking that two-factor authentication might help you? Well, you are wrong. Don’t forget that your SMS are also tracked by Ginp. The app can easily get all your payment credentials without even letting you know.


Anubis source code was leaked this year, which showed rather shocking news. Another banking Trojan, named as Cerberus was found that was entered into the malware-as-a-service business soon after its detection.

Even though many such apps steal the code from Anubis; however, this was not the case with Ginp, that is according to ThreatFabric. This app only shared the code of its predecessors, otherwise, it was made from scratch. However, researchers have found some pieces of Anubis codes in the Ginp when they dug deep into the codes.

Save yourself before Ginp affects you too!


Photo: Bloomberg / Getty Images

Read next: 80 Percent of Online Retailer Sites Are Fake
Previous Post Next Post