Ginp, the New Banking Trojan Targeting Spain

A few days ago, we discussed the increase in banking trojans in Spain, a type of cyberattack designed to steal users’ banking information.

Today, I want to talk to you about Ginp, the banking trojan that is spreading in Spain and has already affected organizations such as the Ministry of Health.

Ginp’s Objectives

Although it is considered a new trojan, it actually began circulating in other countries in the middle of last year—for example, by impersonating 24 apps from seven Spanish banks on Android.

It is true, however, that with the arrival of COVID-19, cyberattacks have intensified, and it was in February of this year that the first Ginp attack was detected in Spain. What happened?

This cyberattack focused on falsifying incoming SMS messages to obtain information about victims’ bank cards.

Ginp is an Android-exclusive banking trojan whose goal is to steal banking information for illicit purposes. In short, it is a cyberattack like any other, but increasingly difficult to detect due to the use of advanced technologies that current antivirus programs cannot yet identify.

How This Trojan Works

In addition to standard malware functionalities—such as intercepting and sending SMS messages and overlaying windows—it also includes a new feature that inserts fake text messages into the inbox of a regular SMS app.

These fake messages usually impersonate trusted providers (disguised to look identical). They send information about an incident, such as a blocked account, prompting the user to open the app to resolve it. Since the message looks real and comes from a trusted source, the user follows the instructions. At that moment, the trojan overlays the original window and requests the user’s credit card or bank account credentials. This allows the cybercriminal to steal the data.

Ginp is simple but effective. It is expected to increase and spread to other countries in the coming months. Android users should remain alert.

How to Prevent It

Here are some tips:

• Only download apps from the Google Play Store.

• Pay close attention to the permissions apps request. For example, they should not request access to SMS messages.

• Install an antimalware solution on your phone. In the link below, you will find recommendations to keep your smartphone virus-free.

Additionally, for Android devices that your employees use for work, make sure you have clear usage policies in place specifying what is allowed and not allowed on company phones. For this, it is recommended to have a cybersecurity strategy for your company. This way, all areas and departments will know how to act to maintain your company’s IT security.

At ESED, as specialists in cybersecurity solutions, our mission is to keep your IT infrastructure virus-free. To achieve this, we work with a variety of solutions. We invite you to contact us to learn more about how we can help.