Today a web page masquerading as that of the Spanish Ministry of Health was detected. Its purpose was very different from informing the public: it was set up to distribute the Ginp banking Trojan for Android.
After being installed, the program asked the user to activate accessibility services, and if the user fell for it, data about all the running applications was sent to the attacker's server.
To address this issue, we have spoken with Eusebio Nieva, Check Point’s technical director for Spain and Portugal:
What data can be stolen by this type of cyber attack?
The first thing we must bear in mind is that this type of cyber attack has as its main objective the theft of as much personal data as possible, among which are usernames and passwords of different services or applications, photographs, contacts or information that can be removed from the device. The fact that in this case they have used a Trojan implies that the cybercriminal behind this attack wants to obtain banking credentials from their victims in order to obtain financial benefits.
How have they succeeded in impersonating a government website?
At Check Point we always warn of these types of hacking because of how dangerous they are, since, until their existence is detected, they have been able to steal an infinity of information. The process used to impersonate a page is either literally tracing the website detail by detail, or using computer systems that automate the process by entering the URL of the website and, through it, creating a replica. With this they ensure that the user does not detect any change, since it is practically impossible to differentiate at first glance which is the true one and which is the false one.
How can you tell a fake website from a real one?
As I have commented before, taking into account that the design of the impersonated website is completely the same as the original, it is visually clear that it is impossible for a user to realize the deception. Therefore, the only way you can detect if the website you are on is false is to check the address of the page you are visiting or check the certificates, something that the home user does not usually do. So, the only way that exists to detect a fraudulent page in the beginning is its web address, so it is important to be attentive to these details so as not to be a victim of a Trojan of this type, and not to trust any suspicious URL.
How can a website be protected from these cyberattacks?
There are different ways to protect any website from these viruses. For the websites of large organizations, institutions or companies, the simplest and most basic way to protect themselves against this type of phishing cyberattack is to have all the possible domains of their URL in their possession, so that a cybercriminal cannot use a domain similar to the one of the company's website to deceive other users. This makes it more difficult for cybercriminals to create a double of the original URL.
From WWWhatsnew we want to thank Eusebio Nieva for answering our questions, and to warn you once again how important it is to pay attention at all times to the website we are on, to avoid falling into this type of trap.