News Cybersecurity Firm Uncovers New Malware Targeting Android Devices

Cybersecurity Firm Uncovers New Malware Targeting Android Devices


- Advertisment -

The new malware has a lot of tricks up its sleeve.

On March 28, international cybersecurity firm Group-IB published a report on a new type of Android trojan that targets global banking apps and cryptocurrency and marketplace applications.

According to the report, the new malware, dubbed Gustuff, was developed by a “Russian-speaking cybercriminal” nicknamed Bestoffer. The Gustuff malware was first discovered on hacker forums in April 2018; its developer was leasing it for $800 dollars a month. Although the Trojan horse was developed in Russia, research shows it has mainly been used outside of Russia. 

After analyzing a sample of the malware, Group-IB found that it uses several different methods to infect victims’ Android devices and gain access to bank accounts and digital wallets. For starters, it tricks users into downloading fake apps to their phone. The phonies look like real apps from well-known financial institutions such as J.P.Morgan, Wells Fargo, and Capital One, as well as apps from some of the most popular digital currency service providers like Bitpay, Bitcoin Wallet, and Coinbase. Gustuff isn’t limited to these: It also uses fake applications from online retailers, such as Walmart and eBay, and payment portals like PayPal and Western Union.

The folks at Group-IB call the Gustuff malware a “weapon of mass infection” – and with good reason. Once a victim downloads one of the phony smartphone applications, Gustuff begins to spread, targeting and infecting the victim’s contact list or server database by using SMS that contains links to a dangerous file.

In order to steal as much money and data as quickly as possible, Gustuff exploits the Android Accessibility tool, which is intended to aid people with disabilities. With this tool, Gustuff can turn off Google Protect, bypass bank security systems, and automatically interact with the banking and crypto exchange apps to fill in payment fields or change the values of text fields used by banking apps.

As if that were not enough, Gustuff can also initiate fake push notifications with the real icons featured in the legitimate apps from real financial institutions. Group-IB found that when this happens, one of two things will happen. A previously downloaded fake app will pop up and the victim will enter the required personal data, or the real app will open and the malware will automatically fill in the required information and steal the victim’s funds. Gustuff can also send the victim’s personal data, such as documents, screenshots, and pictures, to servers controlled by hackers, and can even reset Android devices to factory settings.

Pavel Krylov, head of Secure Bank, offered some advice to banks and exchanges on how to protect customers from being Gustuff’s next victim:

“In order to better protect their clients against mobile Trojans, the companies need to use complex solutions, which allow [them] to detect and prevent malicious activity without additional software installation for [the] end-user. Signature-based detection methods should be complemented with user and application behaviour analytics. Effective cyber defence should also incorporate a system of identification for customer devices (device fingerprinting) in order to be able to detect usage of stolen account credentials from [an] unknown device. Another important element is cross-channel analytics that help to detect malicious activity in other channels.”

Unfortunately, malware attacks have become all too common in the cryptocurrency ecosystem. In November of 2018, hackers locked the computer networks of two small towns in Alaska using Trojan horse malware. The hackers demanded a ransom be paid in bitcoin before they would unlock the towns’ computers and servers. In March of this year, the Cardinal RAT malware resurfaced and was shown to be targeting FinTech and crypto companies. Just two days ago, a fake advertisement for the Electrum Bitcoin Wallet running on YouTube was found to contain malware.

Source: ETHNews


Please enter your comment!
Please enter your name here

Latest news

5 of the Best Crypto Jobs Sites

The cryptocurrency and blockchain job market has exploded. With new blockchain start-ups and projects being founded at...

What’s the future of decentralized blockchains?

When Bitcoin was new and not valued at anything or just a few cents anyone could join...

My 5 favorite free crypto tools & sites I use daily

So I often get asked by friends, or people visiting my site about new tips for exciting...

Cryptocurrency is The Last Kingdom Where You Can Keep Your Data Private

Data privacy has been a hot topic for quite some time now and particularly after the popularity...
- Advertisement -Cybersecurity Firm Uncovers New Malware Targeting Android Devices

How To Travel With Bitcoin: 9 Travel Companies Accepting Bitcoin

Bitcoin travel is a reality, as several travel companies now accept payments in cryptocurrencies for their services.

Top 5 Ways To Build a Profitable Business in The Crypto Sector

The crypto industry has grown significantly despite criticism and a skeptical approach from regulators across the globe....

Must read

5 of the Best Crypto Jobs Sites

The cryptocurrency and blockchain job market has...

What’s the future of decentralized blockchains?

When Bitcoin was new and not valued...
- Advertisement -

You might also likeRELATED
Recommended to you