The malware urges victims to open their banking apps with SMS and push notifications, then overlays these apps and steals banking credentials.
These messages appear under the guise of reputable vendors informing users about an undesired event like blocked account access.
To prevent this, the user is requested to open the application. Once victims do that, the Trojan overlays the original window and asks them to input the credentials for a credit card or a bank account. As a result, their payment details are handed over to cybercriminals.
"Ginp is simple, but efficient - and effective. And the rate at which it evolves and acquires new capabilities is concerning. While this attack has so far only been seen in Spain, based on our previous experience, this Trojan could begin to emerge in other countries as well; Android users need to be on alert," Alexander Eremin, security expert at Kaspersky, said in a statement.
Having infiltrated a phone, most mobile banking Trojans try to gain access to SMS messages. They do so to intercept one-time confirmation codes from banks. Armed with such a code, the malware owners can make a payment or siphon off funds without the victim noticing.
At the same time, many mobile Trojans use text messages to infect more devices by sending the victim's contacts a bad download link.
Some malicious apps are more creative, using SMS access to distribute other things in your name, such as offensive text messages.
The Ginp malware can even create incoming texts on the victim's phone that no one actually sent, Eremin said.