A new Android Trojan is hitting the digital finance world. The malware targets both cryptocurrency and fiat assets on Android phones, and its primary goal is to steal these assets from customers of major international banks and cryptocurrency exchanges who use their Android devices for banking and trading.
The malware, named Gustuff, was first identified by the cybersecurity firm Group-IB. The firm has warned that Gustuff is built with fully automated functionality designed to enable mass infections, and that it is a new-generation Trojan that had not previously been reported or analysed.
Gustuff's strategy for targeting investors and users of crypto apps is to display fake web pages that mimic the targeted apps and phish sensitive information such as usernames and passwords. Users are tricked into entering their credentials into the mimicked version of their app, and those who do so lose their assets to the malware's operators.
The malware specifically targets 32 cryptocurrency apps, including well-known names such as Bitcoin Wallet and Coinbase. Beyond exchange apps, it also targets the apps of international banking institutions such as J.P. Morgan and Bank of America. By country, the targeted apps include 27 from the US, 16 from Poland, 10 from Australia, 9 from Germany and 8 from India.
The malware can also target payment service providers, marketplaces and messengers such as PayPal, WhatsApp, Revolut, eBay and Walmart. It spreads by sending SMS messages that carry a link to the malicious package; Group-IB has called it a weapon for mass infection.
As soon as the recipient taps the link, a Trojan-infected Android package (APK) is downloaded and installed on the device. Once installed, the Trojan contacts a remote command-and-control server, which directs it to spread further by sending the same SMS link to the contacts of the infected device.
The malware also includes Automatic Transfer Systems (ATS), which speed up and scale the theft of assets. ATS lets the operators automatically fill in the required fields of the genuine banking or crypto apps with their own data, such as the destination account and the amount. To make this work, the Trojan abuses the Android Accessibility Service, a feature designed to assist users with disabilities.
The cybersecurity firm said that “Using the Accessibility Service mechanism means that the Trojan is able to bypass security measures used by banks to protect against the older generation of mobile Trojans and changes to Google’s security policy introduced in new versions of the Android OS.”
The degree of control the malware has over the device shows its strength: it can even push notifications to the user. If the user taps one of these notifications, a fake web page or app appears asking for the user's details. These details are either captured in the attackers' fake screen, or the malware itself auto-fills the data in the genuine app, including the transfer amount.
Gustuff reportedly follows in the footsteps of AndyBot, a piece of malware that has been stealing money via Android phones since November 2017. Group-IB's analysis states that a Russian-speaking actor using the handle ‘Bestoffer’ created the malware to target the international market.
To avoid such attacks, users should install apps only from authorized sources such as Google Play, and should be wary of any app that asks to be enabled as an Accessibility Service, since that permission is what Gustuff depends on to fill in fields in other apps. Companies can adopt signature-based detection to protect their users.
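The Accessibility Service dependency described above is something a banking or wallet app can check for. The following is an added defensive example (my own code, not Gustuff's and not Group-IB's) that reads the system setting listing enabled accessibility services and flags any whose package is not on an allowlist. The `AccessibilityAudit` class name and the allowlist contents are assumptions; the setting, parsing helpers and `ComponentName` calls are standard Android APIs.

```java
import android.content.ComponentName;
import android.content.Context;
import android.provider.Settings;
import android.text.TextUtils;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Added example: audit the accessibility services enabled on the device.
 *
 * An ATS-style Trojan needs an enabled AccessibilityService so that it can read
 * the screen and call AccessibilityNodeInfo.performAction(ACTION_SET_TEXT, ...)
 * on the fields of a legitimate app. A sensitive app can therefore inspect the
 * system setting that lists enabled services before showing a transfer screen.
 */
public final class AccessibilityAudit {

    // Assumption: packages of accessibility services the app considers legitimate
    // (TalkBack / Android Accessibility Suite is used here as the single example).
    private static final Set<String> ALLOWED_PACKAGES = new HashSet<>(Arrays.asList(
            "com.google.android.marvin.talkback"
    ));

    private AccessibilityAudit() {}

    /**
     * Parses the raw value of Settings.Secure.ENABLED_ACCESSIBILITY_SERVICES.
     * The value is a colon-separated list of flattened ComponentNames, e.g.
     * "com.example.app/com.example.app.Svc:com.other/.Svc". Entries that do not
     * parse are skipped rather than treated as errors.
     */
    static List<ComponentName> parseEnabledServices(String rawSetting) {
        List<ComponentName> services = new ArrayList<>();
        if (TextUtils.isEmpty(rawSetting)) {
            return services;
        }
        TextUtils.SimpleStringSplitter splitter = new TextUtils.SimpleStringSplitter(':');
        splitter.setString(rawSetting);
        for (String flattened : splitter) {
            ComponentName cn = ComponentName.unflattenFromString(flattened);
            if (cn != null) {
                services.add(cn);
            }
        }
        return services;
    }

    /** Returns the enabled services whose package is not on the allowlist. */
    static List<ComponentName> unexpectedServices(List<ComponentName> enabled) {
        List<ComponentName> unexpected = new ArrayList<>();
        for (ComponentName cn : enabled) {
            if (!ALLOWED_PACKAGES.contains(cn.getPackageName())) {
                unexpected.add(cn);
            }
        }
        return unexpected;
    }

    /**
     * Reads the live setting (no permission is needed; it is a public secure
     * setting) and returns the unexpected services. An empty list means no
     * unknown accessibility service is enabled right now.
     */
    public static List<ComponentName> unexpectedServices(Context context) {
        String raw = Settings.Secure.getString(
                context.getContentResolver(),
                Settings.Secure.ENABLED_ACCESSIBILITY_SERVICES);
        return unexpectedServices(parseEnabledServices(raw));
    }
}
```

A transfer screen would call `AccessibilityAudit.unexpectedServices(this)` from `onResume()` and, if the list is non-empty, warn the user or decline to show the form until the service is disabled. The check is advisory: it tells you a service that can read and fill your fields is active, not whether it is malicious, and on a rooted or otherwise compromised device the setting itself cannot be trusted.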