A new generation of malware has been discovered that is specifically designed to steal from Android users. Several crypto and banking apps are affected worldwide.
On March 28, The Next Web reported that cybersecurity company Group-IB discovered a previously unknown Trojan horse. The company described the malware, which is called “Gustuff”, as a “weapon of mass infection”.
The Trojan is distributed via SMS messages containing links that load malicious Android package files. Once an Android device is infected, the Trojan automatically spreads further through the device's contact list.
To accelerate and scale the theft, the malware uses so-called “automatic transfer systems”. These automatically fill fields in legitimate Android apps with malicious data to redirect payments to the hackers.
Gustuff mimics several apps
The report also said that Gustuff is said to contain several “web fakes”. These imitate legitimate apps in order to obtain sensitive data from unsuspecting users. A total of 32 different crypto apps are affected, including Coinbase, Bitpay and Bitcoin Wallet.
In addition, Group-IB identified a variety of web fakes for leading banks such as J.P. Morgan, Wells Fargo and Bank of America. 27 fake crypto and banking applications were spotted in the United States, 16 in Poland, 10 in Australia, nine in Germany and eight in India.
The malware also “supports” payment systems and messenger services such as PayPal, Revolut, Western Union, eBay, Walmart, Skype and WhatsApp.
Who is behind the Trojan?
The report states that Gustuff uses Android's accessibility features, which are designed for users with physical disabilities. Group-IB describes this approach as relatively rare and effective:
“Use of the Accessibility Service mechanism means that the Trojan is able to bypass […] changes to Google’s security policy introduced in new versions of the Android operating system. In addition, Gustuff knows how to disable Google Protect; according to the Trojan developer, this feature works in 70 percent of the cases.”
Group-IB noted that Gustuff is backed by a Russian-speaking cybercriminal named “Bestoffer” who works exclusively on international markets.
How you can protect yourself
To protect against Gustuff or other malware, Group-IB recommends downloading applications exclusively from Google Play, never from third-party stores.
Furthermore, apps should always be kept up to date. It is also important to pay attention to the extensions of the downloaded files.
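A check that follows from the two points above (abuse of the Accessibility Service and installing only from Google Play), added here as an example and not taken from Group-IB or the original article: the Python below parses the captured output of two adb commands and lists enabled accessibility services whose package was not installed by Google Play. The sample package names are constructed, and the `trusted` parameter is a hypothetical allowlist.

```python
# Flag enabled Android accessibility services not installed by Google Play.
# Inputs are the captured text output of these two commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
PLAY_INSTALLER = "com.android.vending"  # package name of the Google Play Store app

def parse_enabled_services(raw):
    """Return (package, service) pairs from the colon-separated component list."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting unset: nothing enabled
        return []
    pairs = []
    for component in raw.split(":"):
        package, _, service = component.partition("/")
        if package and service:
            pairs.append((package, service))
    return pairs

def parse_installers(raw):
    """Map package -> installer from 'package:<name>  installer=<pkg>' lines."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            name, _, rest = line[len("package:"):].partition("installer=")
            installers[name.strip()] = rest.strip() or "null"
    return installers

def suspicious_services(services_raw, installers_raw, trusted=frozenset()):
    """List enabled services whose package is neither from Play nor in `trusted`."""
    # `trusted` is a hypothetical allowlist, e.g. for preinstalled vendor services.
    installers = parse_installers(installers_raw)
    findings = []
    for package, service in parse_enabled_services(services_raw):
        installer = installers.get(package, "unknown")
        if installer != PLAY_INSTALLER and package not in trusted:
            findings.append((package, service, installer))
    return findings

# Constructed sample output; package names are made up, not Gustuff indicators.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.sideloaded.app/.core.HelperService\n")
SAMPLE_INSTALLERS = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sideloaded.app  installer=null
package:com.example.notes  installer=com.android.vending
"""

print(suspicious_services(SAMPLE_SERVICES, SAMPLE_INSTALLERS))
```

A finding is a prompt for review rather than proof of infection: preinstalled accessibility services often report no installer and belong in the allowlist.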
TheBitcoinNews.com – leading Bitcoin News source since 2012