The PolySwarm Blog


Ginp banking Trojan actively targeting banks: here's what you need to know, plus free malware samples

Nov 22, 2019 12:11:52 PM / by PolySwarm Tech Team

Ginp is a banking Trojan that is actively being used to impersonate targeted banking apps. The malware brings up a screen on the victim's phone that mimics the real banking app. The first screen prompts the victim to log in with their credentials. The second screen steals the victim's credit card details.

Below you can find links to samples found within PolySwarm's threat detection marketplace. All are free to download, and each includes additional file details as well as results from the scanning engines that detect the malware.

The original Ginp discovery comes from researchers at ThreatFabric:

“ThreatFabric analysts have recently investigated an interesting new strain of banking malware. The malware was first spotted by Tatyana Shishkova from Kaspersky by end October 2019, but actually dates back to June 2019. It is still under active development, with at least 5 different versions of the Trojan released within the last 5 months (June - November 2019).” - ThreatFabric researchers

Banks that have been observed being targeted include Santander, BBVA, CaixaBank, Evobank, Bankia and Bankinter. 

“This kind of malware family updates its targets really fast,” says PolySwarm Security Engineer Javier Botella. “While Ginp is currently targeting banks in Spain, it could easily move to banks in other countries.”

PolySwarm first observed and detected a sample of this malware family in October 2019.

Samples scanned and available to download for free in PolySwarm:

Scan permalink: https://polyswarm.network/scan/results/7ff91a2b-23e0-4f8a-91c3-c31914495ddc

Scan permalink: https://polyswarm.network/scan/results/2575b723-1b4e-43f0-b3ed-e00fcb358341

Scan permalink: https://polyswarm.network/scan/results/37c06374-f0f8-4e3d-9270-6bb46b5b15a6

Scan permalink: https://polyswarm.network/scan/results/c2431468-0ad8-444f-89e5-03f0f704ea07

 

*Researchers and press are welcome to link to PolySwarm scan results in their reporting. Please attribute to PolySwarm.
