Ginp is one of the new Banking Trojans specifically aimed at Spanish Banking
Theft of banking credentials is based on 'overlays' that are shown to the user when he or she starts the legitimate application of the affected bank. In addition to the use of 'overlays', GINP uses the same techniques as the rest of the Android banking Trojans to detect the start of legitimate apps, implementing an accessibility service that receives the events that occur in the user interface.
It is especially curious that this malware has gone from being a spy Trojan to being a banking Trojan which, additionally, only affects Spanish banking entities. This indicates that these samples are specially designed to affect Spanish users.