New Malware Gustuff Targeting Banking, Cryptocurrency and Messenger Apps

April 10, 2019

A newly found type of Android malware has stolen cryptocurrency and banking data from more than 125 different applications. The “Gustuff” Trojan is said to be gaining popularity in the cybercriminal underworld because it is custom-made to steal banking and crypto assets. Gustuff is believed to be about a year old but has come to attention only now. Compared with other types of malware, it distinguishes itself by sitting unnoticed for a period, regularly hidden, before quietly taking financial data.

Gustuff targets 100 banking applications, including 27 in the U.S., 16 in Poland, 10 in Australia, nine in Germany and eight in India, as well as 32 digital currency applications. The list of targets includes Bank of America, J.P. Morgan, Wells Fargo, Bank of Scotland, Western Union, Coinbase and Bitcoin Wallet. “Initially designed as a classic banking Trojan, in its current version, Gustuff has significantly expanded the list of potential targets, which now includes, besides banking, crypto services and fintech companies’ Android programs, users of apps of marketplaces, online stores, payment systems and messengers, such as PayPal, Western Union, eBay, Walmart, Skype, WhatsApp, Gett Taxi, Revolut etc,” the security researchers noted.

Notably, Gustuff is spread primarily through SMS messages containing links to a malicious Android Package (APK) file, the file format Android uses to install applications. When a user taps a malicious link and installs the infected application, Gustuff quickly spreads across the victim’s device, seeking out both the contact list and the installed applications.

Designed for mass infections and maximum profit for its operators, Gustuff also comes with a feature called “Automatic Transfer Systems” that can autofill fields in legitimate banking and cryptocurrency apps in order to steal funds. If that doesn’t sound bad enough already, it can also show counterfeit notifications bearing the authentic icons of the applications it targets.

Users who click on the phony notifications are then tricked into sharing either login details or credit card data.

The security experts ask companies to use signature-based detection methods to give clients better protection against malware. It is not yet clear whether major antivirus and anti-malware companies are detecting Gustuff, but as usual, it is best to practice safe browsing: only download applications from official application stores, not through SMS links.
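The delivery path described above, an SMS carrying a link to an APK file, can be screened for in exported message logs or on a messaging gateway. The following is an added example, not taken from the original article or from the researchers; the function names, sample messages and `example.*` domains are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Matches http(s) URLs; trailing sentence punctuation is trimmed afterwards.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def apk_links(message):
    """Return URLs in an SMS body whose path or query names an .apk file."""
    hits = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:!?)]}")
        parts = urlsplit(url)
        # Decode percent-encoding so "%2Eapk" is not missed; compare case-insensitively.
        path = unquote(parts.path).lower()
        query = unquote(parts.query).lower()
        if path.endswith(".apk") or re.search(r"\.apk(&|$)", query):
            hits.append(url)
    return hits

def triage(messages):
    """Yield (sender, url) for every message carrying a direct APK link."""
    for sender, body in messages:
        for url in apk_links(body):
            yield sender, url

# Constructed sample messages; senders and domains are placeholders.
SAMPLE = [
    ("+10000000001", "Your parcel is waiting: http://example.com/track/Delivery.APK."),
    ("+10000000002", "Update your bank app https://example.net/dl?file=secure%2Eapk&x=1"),
    ("+10000000003", "Lunch at 12? See https://example.org/menu.html"),
    ("+10000000004", "Docs: https://example.org/apk-signing-guide"),
]

if __name__ == "__main__":
    for sender, url in triage(SAMPLE):
        print(f"{sender}\t{url}")
```

This only catches links that name the APK directly. Shortened or redirecting links need to be resolved by the gateway before the same check is applied.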
