
Ghimob: new banking malware from Tetrade threat actor targets mobile users worldwide

Information Technology Press Releases, Thursday, 19 November 2020 (B.E. 2563), 13:06
Bangkok--19 Nov--Kaspersky

When monitoring a Windows campaign from Guildma banking malware, Kaspersky researchers found URLs distributing not only a malicious .ZIP file for Windows, but also a malicious file that appeared to be a downloader to install Ghimob - a new banking Trojan. Upon infiltrating Accessibility Mode, Ghimob can gain persistence and disable manual uninstallation, capture data, manipulate screen content and provide full remote control to the actors behind it. According to experts, the developers of this very typical mobile Remote Access Trojan (RAT) are heavily focused on users in Brazil but have big plans to expand across the globe. The campaign is still active.

Guildma, a threat actor part of the infamous Tetrade series, known for its scalable malicious activities both in Latin America and other parts of the world, has been working actively on new techniques, developing malware and targeting fresh victims.

Its new creation - the Ghimob banking Trojan - lures victims into installing the malicious file through an email which suggests that the person receiving it has some kind of debt. The email also includes a link for the victim to click on so they can find out more information. Once the RAT is installed, the malware sends a message about the successful infection to its server. The message includes the phone model, whether it has lock screen security and a list of all installed apps that the malware can target. In total, Ghimob can spy on 153 mobile apps, mainly from banks, fintech companies, cryptocurrencies, and exchanges.

When it comes to functions, Ghimob is a spy in the victim's pocket. Developers can remotely access the infected device, completing fraud using the owner's smartphone in order to avoid machine identification and security measures implemented by financial institutions and all of their anti-fraud behavioral systems. Even if the user uses a lock screen pattern, Ghimob is able to record it and replay it to unlock the device. When the developers are ready to perform a fraudulent transaction, they can insert a black screen overlay or open some websites in full screen. Then, while the user looks at that screen, the developers perform the fraudulent transaction in the background, using the already opened or logged-in financial app running on the device.

Kaspersky statistics show that apart from Brazil, Ghimob targets are located in Paraguay, Peru, Portugal, Germany, Angola and Mozambique.

"Latin American cybercriminals' desire for a mobile banking Trojan with a worldwide reach has a long history. We have already seen Basbanke, then BRata, but both were heavily focused on the Brazilian market. In fact, Ghimob is the first Brazilian mobile banking Trojan ready for international expansion. We believe this new campaign could be related to the Guildma threat actor, responsible for a well-known Brazilian banking Trojan, due to several reasons, but mainly because they share the same infrastructure. We recommend that financial institutions watch these threats closely, while improving their authentication processes, boosting anti-fraud technology and threat intelligence data, and trying to understand and mitigate all risks of this new mobile RAT family," comments Fabio Assolini, security expert at Kaspersky.

Kaspersky products detect the new family as Trojan-Banker.AndroidOS.Ghimob.
To stay safe from RAT and banking threats, Kaspersky recommends taking the following security measures:

Provide your SOC team with access to the latest threat intelligence (TI). The Kaspersky Threat Intelligence Portal grants access to the company's TI, providing cyberattack data and insights gathered by Kaspersky for more than 20 years.

Educate your customers on the possible tricks that malefactors may use. Regularly send them information on how to identify fraud and behave in this situation.

Implement an anti-fraud solution, such as Kaspersky Fraud Prevention. It can protect the mobile channel from occurrences when attackers use remote control to perform a fraudulent transaction. For protection, the solution can both detect RAT malware on the device and identify signs of remote control via legal software.

For further details on the new exploits documented above, read the full report on Securelist.
https://securelist.com/ghimob-tetrade-threat-mobile-devices/99228/
