Skip to Content
© quietbits | Dreamstime.com
Security & privacy

Google, WhatsApp, Flash and other copycat apps are hiding malware

As of March 2020, the amount of new Android malware in circulation spiked to 482,579 per month. Trojans, which disguise themselves as other programs, are the most common of these threats facing Android users as the year drags on.

Trojans are difficult to detect, which makes them perfect for carrying out phishing scams and data theft. Some will even create fake login pages that can steal information their victims type in. Tap or click here to see a Trojan that wannabe hackers can rent.

There is a new threat going around that incorporates a clever scheme. It doesn’t just steal login credentials and banking information. It also masquerades as well-known apps to evade detection.

New Android Trojan has some dirty tricks up its sleeves

Researchers at Kaspersky Labs found a new Trojan that appears to be a major threat to Android users. Ghimob is an Android-centric banking Trojan that spies on victims and steals personal data like login credentials. Researchers believe Brazillian hackers developed it based on the malware’s design of existing Trojans like Alien and Blackrock.

Tap or click here to see how an Android Trojan can steal logins from hundreds of apps.

When Ghimob is installed, it searches your phone for 153 different apps it’s familiar with. If a victim has any of these apps installed, it creates fake login pages that place themselves over the real apps when they’re opened.

The fake login pages are designed to steal passwords and other information the victim types in. The data is sent back to the hackers to exploit or sell as they please.

To make things even more difficult for victims, Ghimob hides by mimicking real apps like Google Defender, Google Docs, WhatsApp Updater, or Flash Update. The biggest tell you’re dealing with Ghimob is a request for Accessibility permissions during installation.

Ghimob mostly targets banking apps, but cryptocurrency apps were recently added to its list thanks to an update. It hasn’t been detected on Google Play, but researchers have found Ghimob circulating through email links and malicious third-party app sites.

Tap or click here to see why third-party app stores can be so dangerous.

How can I protect my phone from Ghimob?

Ghimob’s code hasn’t been found in any Google Play apps so far. You don’t have to delete any apps from your phone unless you recently visited third-party app stores.

Google doesn’t regulate third-party app stores, so the programs they host will sometimes include malware and spam. Tap or click here to see more malware you can find on third-party app stores.

If you believe your phone is infected with Ghimob, restoring it to factory settings is a surefire way to get rid of the malware. Back up your phone first to make sure you’re not losing any important data:

To back up your Android to the cloud:

  1. Open the Settings app on your phone.
  2. Tap System, followed by Backup. If you don’t see it, try searching the Settings app for the word backup. If you still can’t find it, check out Google’s list of manufacturers to find a guide for your device.
  3. Tap Back up now and tap Continue to confirm.

Alternatively, our sponsor IDrive can help you create a secure cloud backup for your Android and all your other devices. Back up your PC, Mac and smartphone into ONE account for one low cost.

 Go to IDrive.com and use the promo code, Kim, to Save 50% on 2 TB of cloud backup now. That’s less than $35 for the first year!

To perform a factory reset on an Android phone, follow these steps:

  1. Go to your phone’s Settings
  2. Tap Backup & Reset
  3. Select Factory data reset
  4. Choose Reset phone
  5. Enter passcode and Erase everything
  6. Reboot

If you have further questions about resetting your Android device, visit Google’s support page for more information.

Because Ghimob can disguise itself as other apps, it may only be a matter of time before it appears on Google Play. Follow these basic precautions to stay safe and keep malware away from your Android.

  • Avoid visiting any app stores other than the Google Play Store.
  • When downloading apps from Google Play, stick to well-known software with high-star ratings and plenty of reviews.
  • Read reviews for apps carefully before downloading and see if you notice any repeating text or obvious spelling and grammar mistakes. Fake reviews are commonly used to trick victims into downloading.
  • Avoid clicking links or attachments sent to you by email or text. This can lead you to phishing sites that host malware like Ghimob. Never download any app that’s shared with you by a link or email.
  • If someone you know sends you an email or text with a download link for an app, check with them to make sure they really sent it. Malware botnets like Emotet can turn email accounts into zombies that spread malware to their contacts. Tap or click here to find out more.
  • If an app you download asks for Accessibility permissions, don’t grant them. This allows the app to control your phone from the back-end.

Let’s hope that Ghimob never makes its way to Google Play. Google’s official app store has enough malware issues to worry about.

Tap or click here to see a recent batch of malware discovered on Google Play.

Komando.com App background

Check out the free Komando.com App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the Komando.com App, available in the Apple Store and Google Play Store.

Download Now