{
	"id": "b374de32-b56d-478b-934d-e336c35b3286",
	"created_at": "2026-04-10T03:19:58.011156Z",
	"updated_at": "2026-04-10T03:22:17.644168Z",
	"deleted_at": null,
	"sha1_hash": "0d01fcf7155ae687aeeec2e720864bafa94da129",
	"title": "People infected with coronavirus are all around you, says Ginp Trojan",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 402959,
	"plain_text": "People infected with coronavirus are all around you, says Ginp\r\nTrojan\r\nBy Alexander Eremin\r\nPublished: 2020-03-24 · Archived: 2026-04-10 02:53:15 UTC\r\n coronavirus\r\nGinp banking Trojan uses information about people infected with coronavirus as bait to lure Android users into\r\ngiving away credit card data.\r\nAlexander Eremin\r\nMarch 24, 2020\r\nAs people all around the world started working from home and practicing social distancing, the latter in some\r\ncases may evolve into paranoia. Should I avoid contacting everyone, because, who knows, maybe this person has\r\nhttps://www.kaspersky.com/blog/ginp-trojan-coronavirus-finder/34338/\r\nPage 1 of 5\n\ncontracted the coronavirus. Or maybe that one? People became somewhat afraid of all other people. And\r\ncybercriminals decided to make use of that.\r\nThe Coronavirus Finder (that doesn’t work)\r\nCybercriminals behind Ginp, a banking Trojan that we have covered recently (here’s a post about Ginp on\r\nKaspersky Daily), are up to a new campaign related to COVID-19. After Ginp receives a special command, it\r\nopens a web-page called Coronavirus Finder. It has a simple interface that shows the number of people infected\r\nwith the coronavirus near you and urges you to pay a small sum to see the location of those people.\r\nOh, what a relief for some people would it be to know whom to avoid! For some people, the message looks more\r\nthan convincing, so they proceed to pay the fee. The amount seems to be quite small, so it’s easy to spare. The\r\nweb-page then offers you to input your card data to make the transaction.\r\nhttps://www.kaspersky.com/blog/ginp-trojan-coronavirus-finder/34338/\r\nPage 2 of 5\n\nAs you may remember, Ginp is a very capable banking Trojan that relies on a lot of different lures to make users\r\ninput their credit card data into forms, so that it can steal it. 
If you guessed this web-page is just another form\r\naimed at stealing data — you’ve guessed right!\r\nOnce you fill in your credit card data, it goes directly to the criminals… and nothing else happens. They don’t\r\neven charge you this small sum (and why would they, now that they have all the funds from the card at their\r\ncommand?). And of course, they don’t show you any information about people infected with coronavirus near\r\nyou, because they don’t have any.\r\nGiven the speed at which the virus spreads, no one has such information, not even governments. So don’t fall for\r\nthis lure. What’s more, to see such a web-page pop up on your device, you need to have Ginp on it first. As long as\r\nyou’re protected and don’t have a Trojan Horse on your phone, you won’t be seeing such notifications.\r\nAccording to data from Kaspersky Security Network, most users who have encountered Ginp are located in Spain, just\r\nas before. However, this is a new version of Ginp that is tagged “flash-2”, while previous versions were tagged\r\n“flash-es12”. Maybe the lack of “es” in the tag of the newer version means that cybercriminals plan to expand the\r\ncampaign beyond Spain.\r\nThat’s not the first time we’ve seen cybercriminals exploit the coronavirus topic. They’ve already used it as bait in\r\nphishing messages and created coronavirus-themed malware.\r\nStaying safe from Ginp banking Trojan\r\nOur advice on how to stay safe from Ginp Banking Trojan remains the same:\r\nDownload apps only from Google Play (and disable the option to install apps from other sources).\r\nStay skeptical. If something seems suspicious – don’t click and, most importantly, don’t give any sensitive\r\ndata such as logins, passwords and payment credentials away.\r\nDo not give the Accessibility permission to apps that request it, other than anti-virus apps.\r\nUse a reliable security solution. 
For example, is quite aware of Ginp and detects it as Trojan-Banker.AndroidOS.Ginp.\r\nFor staying safe from the coronavirus, we suggest that you follow the WHO’s guidelines.\r\nProtecting health care\r\nHealth-care facilities are struggling with the current coronavirus epidemic, so we must help them with\r\ncyberprotection. We are offering free six-month licenses for our core solutions.\r\nSource: https://www.kaspersky.com/blog/ginp-trojan-coronavirus-finder/34338/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.kaspersky.com/blog/ginp-trojan-coronavirus-finder/34338/"
	],
	"report_names": [
		"34338"
	],
	"threat_actors": [],
	"ts_created_at": 1775791198,
	"ts_updated_at": 1775791337,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0d01fcf7155ae687aeeec2e720864bafa94da129.pdf",
		"text": "https://archive.orkl.eu/0d01fcf7155ae687aeeec2e720864bafa94da129.txt",
		"img": "https://archive.orkl.eu/0d01fcf7155ae687aeeec2e720864bafa94da129.jpg"
	}
}