Ginp banking Trojan actively targeting banks: here's what you need to know, plus free malware samples

Written by PolySwarm Tech Team | Nov 22, 2019 5:11:52 PM

Ginp is a banking Trojan that is actively being used to impersonate targeted banking apps. The malware brings up a screen on the victim's phone and displays a window that mimics the real banking app. The first screen prompts the victim to log in with their credentials. The second screen steals the victim's credit card details.

Below you can find links to samples found within PolySwarm's threat detection marketplace. All are available for download (free), and each link also shows additional file details as well as results from the scanning engines detecting the malware.

The original Ginp discovery comes from researchers at ThreatFabric:

“ThreatFabric analysts have recently investigated an interesting new strain of banking malware. The malware was first spotted by Tatyana Shishkova from Kaspersky by end October 2019, but actually dates back to June 2019. It is still under active development, with at least 5 different versions of the Trojan released within the last 5 months (June - November 2019).” - ThreatFabric researchers

Banks that have been observed being targeted include Santander, BBVA, CaixaBank, Evobank, Bankia and Bankinter. 

“This kind of malware family updates its targets really fast,” says PolySwarm Security Engineer Javier Botella. “While Ginp is currently targeting banks in Spain, it could easily move to banks in other countries.”

PolySwarm first observed and detected a sample of this malware family in October 2019.

Samples scanned and available for download free in PolySwarm: 

Scan permalink: https://polyswarm.network/scan/results/file/0ee075219a2dfde018f17561467272633821d19420c08cba14322cc3b93bb5d5

Scan permalink: https://polyswarm.network/scan/results/file/087a3beea46f3d45649b7506073ef51c784036629ca78601a4593759b253d1b7

Scan permalink: https://polyswarm.network/scan/results/file/5ac6901b232c629bc246227b783867a0122f62f9e087ceb86d83d991e92dba2f

Scan permalink: https://polyswarm.network/scan/results/file/7eb239cc86e80e6e1866e2b3a132b5af94a13d0d24f92068a6d2e66cfe5c2cea

 

*Researchers and press are welcome to link to PolySwarm scan results in their reporting. Please attribute to PolySwarm.
