Written by Guido Ronchetti, CTO at XTN Cognitive Security®
Recently, a new trojan named Ghimob has been targeting mobile banking apps all around the world. This Remote Access Trojan (RAT) aims to steal the victim’s banking credentials, giving fraudsters access to the bank account. The malware can also take control of the device to bypass Strong Customer Authentication (SCA) processes.
This trojan has been targeting Brazil; however, it is also starting to threaten Europe, the United States, and India.
WHAT IS A RAT?
A Remote Access Trojan, also known as a RAT, is malicious software that gives the attacker unlimited access to the victim’s endpoints.
HOW DOES IT WORK?
This type of trojan typically aims to steal sensitive information about the user or the services the user accesses. Often, RATs are manually controlled by the attacker to perform operations on the victim’s endpoints. Using stolen access privileges, attackers can access and steal sensitive business and personal data, including Intellectual Property (IP), Personally Identifiable Information (PII), and Patient Health Information (PHI).
Several Advanced Persistent Threat (APT) attacks use RAT technology to bypass strong authentication, spread the infection, and access sensitive applications to exfiltrate data. Moreover, once a RAT infects a device, the cybercriminal can conveniently control the device from a remote back-end control panel. For these reasons, RAT attacks are extremely dangerous, since they attack the weakest link in the chain. These attacks are designed to be scalable and can be customized to fit the target.
HOW XTN CAN HELP
XTN has your back! We designed a behavioral malware engine capable of detecting threats by monitoring user behavior.
XTN Cognitive Security Platform® detects and alerts you when a Ghimob sample is active on a user’s device. These signals help financial institutions block fraud at the very beginning, when credentials are stolen.
ASK US FOR HELP!
XTN Cognitive Security Platform® allows you to protect your services from RAT attacks.