
How a Malware Fakes SMS & Steals User’s Banking Details



Recently, security researchers revealed that a malware fakes incoming SMS and then steals banking details. Researchers at cybersecurity firm Kaspersky have identified a new version of the Ginp banking Trojan that can insert fake text messages into the Inbox of a regular SMS app in a bid to obtain banking credentials of unsuspecting users.

About Ginp
Ginp is a banking Trojan. When it was first spotted, it sent the victim’s contacts to its creators, stole card data and intercepted text messages. Now it has started sending users messages and push notifications to get them to open banking apps. The notifications are designed so that the user expects to see a form for entering card details. It then overlays the app with a phishing window to steal user data. For this, it uses the phone’s accessibility functions, which allow it to see the screen and tap buttons or links.

As per the report, in one such instance, a user was sent a notification from the Play Store. The notification said – “We are missing your credit or debit card details. Please use the Play Store app to add them securely.” When the user clicked on the notification, a form to enter the card details was shown to him. However, this form was not sent by Google Play and any information entered here would directly go to the malware creators. Similarly, fake SMSes from banks are also being sent to users, warning them that suspicious activity has been detected on their accounts. The trojan is able to create fake SMS with any text from any sender.

Working Mechanism
Ginp banking Trojan urges unsuspecting users to open their banking apps with SMS and push notifications, then overlays these apps and steals banking credentials. These SMS messages appear under the guise of reputable vendors informing users about an undesired event like blocked account access.

Having infiltrated a smartphone, most mobile banking Trojans try to gain access to SMS messages. They do so to intercept one-time confirmation codes from banks. Armed with such a code, the Ginp Trojan developers can make a payment or siphon off funds without the victim noticing. Simultaneously, several smartphone Trojans use text messages to infect more devices by sending the victim’s contacts a malicious download web link. Some malicious apps are more creative, using SMS access to distribute other things in your name, such as offensive text messages.

The fake SMS messages and push notifications urge the user to open the application. Once victims do that, the Trojan overlays the original window and asks them to input the credentials for a credit card or a bank account. As a result, their payment details are handed over to cybercriminals.

The following tips help users mitigate the Ginp banking Trojan:

* Do not click on links in text messages if the message seems suspicious to you.

* Download apps only from the Play Store and do not install apps from unknown sources.

* Do not give accessibility permission to any app that does not require it.

* Be careful while giving apps the permission to access SMS.

* Do not click on suspicious push notifications.
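
The tips about accessibility and SMS permissions, turned into a triage check over a decoded AndroidManifest.xml (an added example, not part of the original article or the Kaspersky report). The flagged combination is a review heuristic, not a Ginp signature, and the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission." + p for p in
             ("READ_SMS", "RECEIVE_SMS", "SEND_SMS", "WRITE_SMS")}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
# Broadcast action handled by an app that wants to be the default SMS app.
SMS_DELIVER = "android.provider.Telephony.SMS_DELIVER"

def _actions(component):
    """Intent-filter actions declared under one manifest component."""
    return {a.get(NS + "name") for a in component.iter("action")}

def audit_manifest(xml_text):
    """Report SMS and accessibility declarations, plus a manual-review flag."""
    root = ET.fromstring(xml_text)
    requested = {p.get(NS + "name") for p in root.iter("uses-permission")}
    a11y = [s.get(NS + "name") for s in root.iter("service")
            if s.get(NS + "permission") == A11Y_BIND and A11Y_ACTION in _actions(s)]
    deliver = [r.get(NS + "name") for r in root.iter("receiver")
               if SMS_DELIVER in _actions(r)]
    sms = sorted(requested & SMS_PERMS)
    return {"package": root.get("package"), "sms_permissions": sms,
            "accessibility_services": a11y, "sms_deliver_receivers": deliver,
            # Heuristic: screen control plus any SMS capability needs a human look.
            "review": bool(a11y) and bool(sms or deliver)}

# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
A11Y_SVC = ('<service android:name=".Helper" android:permission="' + A11Y_BIND + '">'
            '<intent-filter><action android:name="' + A11Y_ACTION + '"/></intent-filter>'
            '</service>')
SUSPECT = (HEAD % "com.example.suspect"
           + '<uses-permission android:name="android.permission.RECEIVE_SMS"/>'
           + '<uses-permission android:name="android.permission.READ_SMS"/>'
           + '<application>' + A11Y_SVC
           + '<receiver android:name=".Inbox"><intent-filter>'
           + '<action android:name="' + SMS_DELIVER + '"/></intent-filter></receiver>'
           + '</application></manifest>')
READER = (HEAD % "com.example.reader"
          + '<uses-permission android:name="android.permission.INTERNET"/>'
          + '<application>' + A11Y_SVC + '</application></manifest>')

if __name__ == "__main__":
    for manifest in (SUSPECT, READER):
        print(audit_manifest(manifest))
```

A screen reader that declares only an accessibility service is not flagged; the flag is raised when the same package also requests SMS access or registers an SMS delivery receiver.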

