Android crypto users have been targeted in a new Trojan malware scheme! Apps affected include Coinbase, BitPay, and Bitcoin Wallet, as well as banking apps from JPMorgan, Wells Fargo, and Bank of America. This was first reported by The Next Web, a technology news outlet.
The new Trojan malware has been dubbed “Gustuff”, and this is the first instance of it being reported or analyzed. The malware is designed for mass infection and spreads via SMS messages containing links that load malicious Android Package Kit (APK) files.
The malware’s creators have reportedly built “Automatic Transfer Systems” that seek to speed up and grow the number of thefts by triggering autofills of payment fields in legitimate Android apps. The hackers used this method to maliciously reroute transfers to themselves.
The malware is purported to issue “web fakes” that mimic real apps. The purpose is simple: to phish for sensitive data from users. Specifically, the attackers targeted users of crypto apps by using as many as 32 different crypto apps. The malware also used push notifications with legitimate icons to trigger automatic downloads of fake apps.
Group-IB, a cybercrime analytics firm, reportedly identified 27 fake crypto and banking apps specific to the United States, 16 for Poland, 10 for Australia, 9 for Germany, and 9 for India. The malware also targets payment systems and messenger services such as Revolut, Western Union, eBay, Walmart, Skype, and WhatsApp.
Group-IB notes that Gustuff was designed by a Russian-speaking cybercriminal who goes by “Bestoffer”, but that it specifically targets those outside of Russia.
Android users are advised to download apps strictly from the Google Play store and to pay extremely close attention to the extensions of downloaded files.