Attract victims with emails stating that they are in debt.
A new computer virus (malware) called bank Ghimob that attracts victims to install the malicious file through an email stating that they have debts.
The cybersecurity company Kaspersky warned this Friday about the Ghimob banking malware, the latest creation of the Guildma Trojan family, known for its malicious activities in Latin America and other parts of the world.
Ghimob lures victims to install a malicious file via email stating that you are in debt and providing a link where they can get more information.
Once the Remote Access Trojan (RAT) is installed, the malware sends a notification of the infection to your server and includes device model, a list of installed applications, as well as if you have activated the screen lock.
Even if victims have a screen lock pattern, the malware is capable of record and play it then to unlock the device.
This banking virus can spy on up to 153 mobile apps, of which the majority are from banks, fintechs, investment applications and cryptocurrencies.
Once the infection is carried out, the cybercriminal is able to access device remotely and complete the fraud using the victim’s phone, evading automatic identification and the security measures implemented by financial institutions.
When performing the transaction, the cybercriminal overlays a black screen or a web page that occupies the entire screen, so that the victim does not see the movements made in the background.
Ghimob primarily targets users in Brazil, although it also targets Paraguay, Peru, Portugal, Germany, Angola, and Mozambique, according to Kaspersky statistics.