Ginp is a banking Trojan that is actively being used to impersonate targeted banking apps. The malware displays a window on the victim's phone that mimics the real banking app. The first screen prompts the victim to log in with their credentials. The second screen steals the victim's credit card details.
Below you can find links to samples found within PolySwarm's threat detection marketplace. All are free to download and include additional file details as well as results from the scanning engines that detect the malware.
The original Ginp discovery comes from researchers at ThreatFabric:
“ThreatFabric analysts have recently investigated an interesting new strain of banking malware. The malware was first spotted by Tatyana Shishkova from Kaspersky by end October 2019, but actually dates back to June 2019. It is still under active development, with at least 5 different versions of the Trojan released within the last 5 months (June - November 2019).” - ThreatFabric researchers
Banks that have been observed being targeted include Santander, BBVA, CaixaBank, Evobank, Bankia and Bankinter.
“This kind of malware family updates its targets really fast,” says PolySwarm Security Engineer Javier Botella. “While Ginp is currently targeting banks in Spain, it could easily move to banks in other countries.”
PolySwarm first observed and detected a sample of this malware family in October 2019.
Samples scanned and available for download free in PolySwarm:
*Researchers and press are welcome to link to PolySwarm scan results in their reporting. Please attribute to PolySwarm.
Learn more here about PolySwarm and how it detects new and emerging malware.