The malware Ginp was created a few months ago and is part of a campaign focused on Spanish banks. After installing on a device, detected the applications of different banks and superimposed a perfect replica above the legitimate one in order to steal the data of the bank cards.
When opening the infected application, the malware requests access credentials and, after, card details, with its expiration date and CVV number. The user is tricked into believing that he is accessing his bank, But the data will be sent to the attacker.
The banks that are affected by this malware are: Santander, Bankia, EVO Bank, Kutxabank, BBVA, Bankinter and CaixaBank.
This attack is very sophisticated for what is usual in banks in Spain. Copying the interface is so accurate on Android devices that it's strange to researchers.
The application is also programmed so that when you receive an SMS with related information from the bank (such as transfer notices and so on), it is forwarded to the attacker without the user noticing.
One of the ways to detect this infection is that after running the bank application, If the application manager opens, You can see an unnamed application running.