Newly Found Android Malware is Targeting Major Crypto Exchanges

by Arnab Shome
  • It is specifically targeting 32 digital asset exchanges around the globe.
Finance Magnates

A new generation of Trojan malware that specifically targets Android devices to steal cryptocurrencies and fiat currency has been revealed.

Dubbed Gustuff, the malware was discovered by the cybersecurity firm Group-IB, and it is targeting applications of major digital asset exchanges and banks.

“Weapon of Mass Infection”

The first-of-its-kind malware has fully automated functions and has been described as a “weapon of mass infection.” Hackers are spreading it through SMS messages containing malicious links that load Android package (APK) files onto the device, according to the Russian cybersecurity firm.

The malware uses “web fakes” to mimic legitimate apps for phishing sensitive data from users. The company detailed that it is specifically targeting 32 crypto exchanges including Coinbase, BitPay, and Bitcoin Wallet.

In addition, the Android applications of major banks such as Bank of America, Bank of Scotland, J.P. Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank are also not immune to Gustuff. So far, Group-IB has detected 27 targeted apps specific to the US, 16 in Poland, 10 in Australia, 9 in Germany, and 8 in India.

“Using the Accessibility Service mechanism means that the Trojan is able to bypass security measures used by banks to protect against older generations of mobile Trojans and changes to Google’s security policy introduced in new versions of the Android OS,” the security firm stated.

“Moreover, Gustuff knows how to turn off Google Protect; according to the Trojan’s developer, this feature works in 70 percent of cases.”

Targeting a Wide Spectrum

The sophisticated malware also supports an array of payment and messaging platforms including PayPal, Revolut, Western Union, eBay, Walmart, Skype, and WhatsApp.

Group-IB traced the Trojan back to posts on hacker forums starting in April 2018; it was allegedly created by a Russian hacker using the pseudonym “Bestoffer.”

Since the digitization of the financial sector, a new breed of criminals has surfaced, and the trend has accelerated drastically with the boom in the unregulated digital asset industry. Recently, Finance Magnates reported that the North Korea-backed hacker group Lazarus APT is also adapting to evolving security technology in order to target crypto exchanges.
