Brazilian virus steals Bitcoin and apps from banks worldwide

After intense investigation, security experts have detected that the threat is worse than initially imagined.

A new Brazilian virus discovered by digital security experts has been spying on at least 110 apps and also steals Bitcoin. The threat is derived from another that was recently discovered.

In the midst of the COVID-19 pandemic, many Brazilians resort to digital payments. This is because, besides avoiding contact with physical money, the digital medium is more practical and faster.

To access their bank accounts, many people use mobile applications because of their convenience. However, this access can be dangerous if the device has been compromised by a virus or other malware.

It is worth mentioning that the operation of the new threat is of global reach.
The Brazilian virus detected by specialists steals Bitcoin and spies on banking applications; in Brazil alone, 110 apps are exposed.

In September 2020, a trojan was discovered and several people were alerted to it. Called Guildma, the Brazilian virus that captures Bitcoin from victims around the world gained prominence.

On that occasion, a family of dangerous trojans was discovered, and Guildma was only one of them. However, investigations into the trojan continued, and more dangerous elements of the virus were discovered.

According to a Kaspersky security report, unique features of the Guildma virus were identified. Thus, experts decided to treat it as a new family, called Ghimob.

With Ghimob, those who use banking applications on mobile devices could be exposed. In Brazil alone, for example, there would be 110 apps from banking institutions that can be spied on.

In addition, the Brazilian virus can spy on and steal Bitcoin. According to Kaspersky’s survey, Ghimob is currently a threat to 13 crypto applications, mainly ones created by brokers in Latin America.

How does Ghimob act inside mobile devices?

To protect themselves, Brazilians should be attentive to the messages they receive. The experts said that the hackers who created the threat usually send messages to victims.

Because the attacks target banking applications, these messages use social engineering to convince readers to click a link. When victims do click, a trojan is installed on the device.

After installation, the trojan starts spying on all user activity on the infected device. Protections such as passwords and phone unlock patterns are useless against Ghimob, as it easily learns to recognize these security measures.

Furthermore, Kaspersky reports that Ghimob is able to bypass the security of banking and crypto applications. In this way, hackers would be able to perform transactions on behalf of the victim without being tracked.

In other words, the threat is serious and attacks numerous countries today, especially in Latin America. Countries in Europe, such as Germany and Portugal, or in Africa, such as Angola and Mozambique, are also on the Ghimob list.

According to Fábio Assolini, Kaspersky’s specialist in Brazil, Ghimob can even steal the victim’s fingerprints. With this information, authentication in banking applications is easily performed.

First Brazilian trojan for mobile banking to be internationalized

Related to Guildma, which operates mostly on Windows platforms, Ghimob is the newest threat for mobile devices. Certainly created by Brazilians, the trojan, which targets banking institutions and even Bitcoin, may be the first to be "exported".

This is because, according to Assolini, its proximity to Guildma, which already operates outside Brazil, should take Ghimob to the world. Kaspersky issued its alert about the threat last Monday (9).

The experts ask that banking institutions pay attention to Ghimob and fight the virus to mitigate the risks of the new mobile RAT family. It is worth noting that it is also important for users to be careful about suspicious messages, especially strange links.
