11/20/2020 3:34 PM
Updated 11/20/2020 3:34 PM
The cybersecurity company Kaspersky warned this Friday about the Ghimob banking malware, the latest creation of the Guildma family of Trojans, known for its malicious activities in Latin America and other parts of the world.
Ghimob lures victims to install a malicious file through an email stating that they are in debt and offering a link where they can get more information.
Once the Remote Access Trojan (RAT) is installed, the malware sends a notification of the infection to its server and includes the device model, a list of installed applications, as well as whether the screen lock is enabled.
Even if the victims have a screen lock pattern, the malware is able to record it and play it back later to unlock the device.
This banking virus can spy on up to 153 mobile applications, of which the majority are from banks, fintechs, investment applications and cryptocurrencies.
Once the infection has been carried out, the cybercriminal is able to access the device remotely and complete the fraud using the victim's phone, evading automatic identification and security measures implemented by financial institutions.
When carrying out the transaction, the cybercriminal overlays a black screen or a web page that occupies the entire screen, so that the victim does not see the movements made in the background.
Ghimob primarily targets users in Brazil, although it also targets Paraguay, Peru, Portugal, Germany, Angola, and Mozambique, according to Kaspersky statistics.