
A new strain of Trojan malware for Android phones is targeting global users of top crypto apps such as Coinbase, BitPay and Bitcoin Wallet, as well as banks including JPMorgan, Wells Fargo, and Bank of America. The news was reported by technology news outlet The Next Web on March 28.
Based on research from prominent cybercrime analytics firm Group-IB, this is reportedly the first time the Trojan — now named “Gustuff” — has been reported or analyzed. The malware is described as being designed for mass infection and is spread by SMS messages with links to load malicious Android package kit files.
The malware’s creators have reportedly created “Automatic Transfer Systems” (ATS) that aim to expedite and scale the thefts by triggering autofills of payment fields for legitimate Android apps to maliciously reroute transfers to the hackers.
The app is purported to issue a host of “web fakes” that mimic legitimate apps to phish for sensitive data from users — specifically targeting customers of as many as 32 different crypto apps. Push notifications using legitimate icons are a further device the malware uses to automate downloads of fake apps and trigger transaction autofills.
Group-IB reportedly identified 27 fake crypto and banking apps specific to the United States, 16 for Poland, 10 for Australia, nine for Germany and nine for India. The malware also targets payment systems and messenger services such as PayPal, Revolut, Western Union, eBay, Walmart, Skype and WhatsApp.
In order to function, Gustuff reportedly exploits Android’s accessibility features designed for disabled users, with Group-IB characterizing this as a relatively rare and effective trick:
“Using the Accessibility Service mechanism means that the Trojan is able to bypass […] changes to Google’s security policy introduced in new versions of the Android OS. Moreover, Gustuff knows how to turn off Google Protect; according to the Trojan’s developer, this feature works in 70 percent of cases.”
Group-IB notes that Gustuff, reportedly first traced to hacker forums from April 2018, has been designed by a Russian-speaking cybercriminal nicknamed “Bestoffer,” yet targets customers of international firms primarily outside of Russia.
Group-IB advises Android users to download apps strictly from the Google Play store and to pay attention to the extensions of downloaded files.
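The two points above (abuse of the Accessibility Service and installs from outside Google Play) can be checked together on a device. The following is an added example, not code from Group-IB or the original article: it assumes the two inputs were collected with `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the package names in the sample data are constructed.

```python
# Added example: flag enabled accessibility services whose owning package
# was not installed by Google Play. Sample data below is constructed.
PLAY_INSTALLER = "com.android.vending"

def parse_accessibility(raw):
    """Parse the colon-separated 'package/class' list from the secure setting."""
    raw = raw.strip()
    if not raw or raw == "null":          # nothing enabled
        return []
    services = []
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.append((pkg, cls))
    return services

def parse_installers(raw):
    """Parse 'package:<name>  installer=<name>' lines into {package: installer}."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        pkg = fields[0][len("package:"):]
        inst = next((f.split("=", 1)[1] for f in fields[1:]
                     if f.startswith("installer=")), None)
        installers[pkg] = None if inst in (None, "null") else inst
    return installers

def suspicious_services(acc_raw, pkg_raw, known_system=frozenset()):
    """Return (package, class, installer) for services not installed via Play.

    known_system is an assumed allowlist for preinstalled services, which
    legitimately report no installer.
    """
    installers = parse_installers(pkg_raw)
    flagged = []
    for pkg, cls in parse_accessibility(acc_raw):
        inst = installers.get(pkg)
        if inst != PLAY_INSTALLER and pkg not in known_system:
            flagged.append((pkg, cls, inst))
    return flagged

# Constructed sample outputs (not taken from a real device or from Gustuff).
SAMPLE_ACC = ("com.google.android.marvin.talkback/.TalkBackService:"
              "com.example.flashupdate/.core.HelperService")
SAMPLE_PKGS = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.notes  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg, cls, inst in suspicious_services(SAMPLE_ACC, SAMPLE_PKGS):
        print(f"review: {pkg}{cls} (installer={inst})")
```

A flagged entry is a prompt for review, not proof of infection: the installer field only records how the package arrived on the device.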
As reported in February, decentralized app MetaMask was recently pulled from Google Play after researchers detected malware impersonating the tool to steal crypto from users.
Source: CoinTelegraph

