A brand new generation of malware has been discovered specifically designed to steal Android users. Several crypto and bank apps are affected worldwide.
On March 28, The Next Web reported that cybersecurity company Group-IB discovered a previously unknown Trojan horse. The company described the malware, which is called “Gustuff”, as a “weapon of mass infection”.
The Trojan is distributed via SMS messages with built-in links that load malicious Android package files. Once an Android device is infected, the Trojan will be automatically redirected through the contact lists.
To accelerate and scale the theft, the malware uses so-called “automatic transfer systems”. These automatically replace fields in reputable Android apps with malicious data to redirect payments to the hackers.
Gustuff mimics several apps
The newsletter also said that Gustuff should contain several “web fakes”. This means following these imitative apps to get the sensitive data from unsuspecting users. This affects a total of 32 different crypto apps, including Coinbase, Bitpay and Bitcoin Wallet.
In addition, Group IB identified a variety of web-fakes for leading banks such as J.P. Morgan, Wells Fargo and Bank of America. 27 fake crypto and banking applications were spotted in the United States, 16 in Poland, 10 in Australia, nine in Germany and eight in India.
The malware also “supports” payment systems and messenger services such as PayPal, Revolut, Western Union, eBay, Walmart, Skype and WhatsApp.
Who is behind the Trojan?
The report states that Gustaff uses Andoird’s accessible features designed for users with physical disabilities. Group describes this approach as relatively rare and effective:
“Use of the Accessibility Service mechanism means that the Trojan is able to bypass [….] Changes to Google’s security policy introduced in new versions of the Android operating system. In addition, Gustuff knows how to disable Google Protect; According to the Trojan developer, this feature works in 70 percent of the cases. “
Group IB noted that Gustuff is backed by a Russian-speaking cybercriminal named “Bestoffer” who works exclusively on international markets.
That’s how you can protect yourself
To protect against Gustuff or other malware, Group IB recommends downloading applications exclusively from Google Play – never from third-party stores.
Furthermore, apps should always be up to date. It is also important to pay attention to the extensions of the downloaded files.
image by Shutterstock
TheBitcoinNews.com – Bitcoin News source since June 2011 –
Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. TheBitcoinNews.com holds several Cryptocurrencies, and this information does NOT constitute investment advice or an offer to invest.
Everything on this website can be seen as Advertisment and most comes from Press Releases, TheBitcoinNews.com is is not responsible for any of the content of or from external sites and feeds. Sponsored posts are always flagged as this, guest posts, guest articles and PRs are most time but NOT always flagged as this. Expert opinions and Price predictions are not supported by us and comes up from 3th part websites.
Advertise with us : Advertise
Our Social Networks: Facebook Instagram Pinterest Reddit Telegram Twitter Youtube
