If you are an Android user who also happens to use cryptocurrency, you may be among the smartest, but you are also more likely to be the next target of Gustuff!
A new strain of Trojan malware for Android phones is targeting users of top crypto apps worldwide, Coinbase, BitPay, and Bitcoin Wallet to name a few. This time banks are under threat as well: JP Morgan, Wells Fargo, and Bank of America are also on its hit list.
According to research reported by The Next Web on March 28th, citing prominent cybercrime analysts, this is the first time the Trojan, also known as "Gustuff", has been reported.
The malware is spread by SMS messages containing links that download a malicious Android package (APK).
This nifty little virus works as an "Automatic Transfer System" (ATS). What it does is accelerate and scale the thefts by triggering auto-fills of payment fields in legitimate Android apps, maliciously rerouting the money to the attackers.
The malware issues "web fakes" that mimic the behaviour of legitimate apps to phish for sensitive data from users. Push notifications that look legitimate because they carry the real apps' icons are another mechanism the malware uses to automate downloads of fake apps and trigger transaction auto-fills.
Twenty-seven fake crypto and banking apps were identified for the United States, nineteen for Poland, ten for Australia, nine for Germany and nine for India. You also ought to keep a lookout for services such as PayPal, Revolut, Western Union, eBay, Walmart, Skype, and WhatsApp.
“Using the Accessibility Service mechanism means that the Trojan is able to bypass […] changes to Google’s security policy introduced in new versions of the Android OS. Moreover, Gustuff knows how to turn off Google Protect; according to the Trojan’s developer, this feature works in 70 percent of cases.”
Group-IB has identified the mind behind Gustuff as a Russian-speaking cybercriminal nicknamed "Bestoffer"; however, he mainly targets international firms outside Russia.
One word of advice would be to download apps strictly from Google Play and to pay attention to whatever extensions or updates your phone installs.
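The two defensive checks implied by the article (apps installed from somewhere other than Google Play, and apps that have been granted the Accessibility Service the Trojan abuses) can be audited from a device over `adb`. The script below is an added example, not code from the article or from Group-IB; it parses the output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services` and flags third-party packages that were sideloaded and also hold accessibility rights. The sample output and package names embedded in it are constructed for the example; only `com.android.vending` (Google Play) is a real installer identifier.

```python
import re

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps only,
# so a null installer means the APK was sideloaded rather than pre-installed).
SAMPLE_PACKAGES = """\
package:com.coinbase.android  installer=com.android.vending
package:com.bitpay.wallet  installer=com.android.vending
package:com.example.fakewallet  installer=null
package:com.example.sms.update  installer=com.android.packageinstaller
"""

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`.
# Entries are colon-separated "package/service" pairs; a leading "." is shorthand
# for a class inside the package.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fakewallet/.AutoFillService"
)

# Installers an organisation would normally accept (Google Play only, per the advice above).
TRUSTED_INSTALLERS = {"com.android.vending"}
# Packages that legitimately need the Accessibility Service (e.g. a screen reader).
TRUSTED_A11Y_PACKAGES = {"com.google.android.marvin.talkback"}

PACKAGE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_packages(text):
    """Map package name -> installer package (None when pm reports 'null')."""
    result = {}
    for line in text.splitlines():
        match = PACKAGE_RE.match(line.strip())
        if not match:
            continue  # skip blank or unexpected lines
        pkg, installer = match.groups()
        result[pkg] = None if installer == "null" else installer
    return result


def sideloaded_packages(text, trusted=TRUSTED_INSTALLERS):
    """Third-party packages whose installer is unknown or not in the trusted set."""
    pkgs = parse_packages(text)
    return sorted(p for p, inst in pkgs.items() if inst not in trusted)


def parse_accessibility_services(text):
    """Return (package, fully-qualified service class) pairs from the settings value."""
    text = text.strip()
    if not text or text == "null":
        return []
    services = []
    for entry in text.split(":"):
        if "/" not in entry:
            continue
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls  # expand the shorthand class name
        services.append((pkg, cls))
    return services


def untrusted_accessibility_packages(text, trusted=TRUSTED_A11Y_PACKAGES):
    """Packages with accessibility enabled that are not on the allow-list."""
    return sorted({pkg for pkg, _ in parse_accessibility_services(text) if pkg not in trusted})


def audit(packages_text, a11y_text):
    """Combine both checks; 'suspicious' lists sideloaded apps that also hold accessibility rights."""
    sideloaded = sideloaded_packages(packages_text)
    a11y = untrusted_accessibility_packages(a11y_text)
    return {
        "sideloaded": sideloaded,
        "untrusted_accessibility": a11y,
        "suspicious": sorted(set(sideloaded) & set(a11y)),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_PACKAGES, SAMPLE_A11Y)
    for key, pkgs in report.items():
        print(f"{key}: {', '.join(pkgs) or '(none)'}")
```

On a real device, capture the two command outputs with `adb shell` and pass them to `audit()`; a package that appears under `suspicious` matches the pattern the article describes (an APK that arrived outside Google Play and has been granted the Accessibility Service) and is the first thing to investigate or remove.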