UPDATED 23:44 EDT / MARCH 28 2019

Gustuff Android malware targets 125+ banking and cryptocurrency apps

A newly discovered form of Android malware has stolen cryptocurrency and banking data from more than 125 different apps.

Discovered by security researchers at Group-IB, the “Gustuff” Trojan virus is said to be gaining popularity in the cybercriminal underworld given that it’s tailored specifically for stealing banking and crypto assets.

Gustuff is believed to be about a year old but has come to attention only now because, unlike many other forms of malware, it sits quietly in the background for a time, often undetected, before stealthily stealing financial data.

Gustuff targets 100 banking apps, including 27 in the U.S., 16 in Poland, 10 in Australia, nine in Germany and eight in India, as well as 32 cryptocurrency apps. The list of targets includes Bank of America, J.P. Morgan, Wells Fargo, Bank of Scotland, Western Union, Coinbase and Bitcoin Wallet.

“Initially designed as a classic banking Trojan, in its current version, Gustuff has significantly expanded the list of potential targets, which now includes, besides banking, crypto services and fintech companies’ Android programs, users of apps of marketplaces, online stores, payment systems and messengers, such as PayPal, Western Union, eBay, Walmart, Skype, WhatsApp, Gett Taxi, Revolut etc,” the security researchers noted.

In an interesting twist, Gustuff is primarily being distributed via SMS text messages with links to malicious Android package files. APK files are the file format Android uses to install applications, so following such a link sideloads the malware rather than installing it from an app store. Once a user clicks on a malicious link and installs the infected application, Gustuff quickly surveys the victim’s device, harvesting both the contact list and the set of installed applications.

Aimed at mass infections and maximum profit for its operators, Gustuff also comes with a unique feature called “Automatic Transfer Systems” that can autofill legitimate banking and cryptocurrency apps so as to steal funds. If that doesn’t sound bad enough already, it also has the ability to display fake push notifications with legitimate icons of the apps it is targeting. Users who click on the fake push notifications are then tricked into either sharing login details or credit card data.

The security researchers urge companies to use signature-based detection methods to give clients better protection against malware. It’s not yet clear whether major antivirus and malware companies are detecting Gustuff, but as always, it’s best to practice safe internet: Only download apps from official app stores, not via SMS links.
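The distribution vector described above (SMS messages carrying links to APK files outside the official store) is something a messaging gateway or mobile-security team can screen for. The following is an added example, not code from the article or from Group-IB: it scans a handful of constructed SMS texts, extracts the URLs, and flags any link that points at an APK file on a host other than the official store. The store host list and the sample messages are assumptions made for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample SMS bodies for the example; none of these are real lures.
SAMPLE_SMS = [
    "Your parcel is waiting. Track it: http://track-parcel.example/update.apk.",
    "Hi, see the photos from Saturday: https://photos.example/album/1234",
    "Security update for your banking app: https://bank-secure.example/app?file=mobile.apk",
    "Install our wallet here https://play.google.com/store/apps/details?id=com.example.wallet",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Assumed allow-list of official store hosts; links here are not treated as sideloads.
OFFICIAL_STORE_HOSTS = {"play.google.com", "market.android.com"}


def extract_urls(text):
    """Return the http(s) URLs in a message, with trailing punctuation stripped."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]


def is_sideload_link(url):
    """True when the URL points at an .apk file on a host outside the official stores."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host in OFFICIAL_STORE_HOSTS:
        return False
    # Direct download path, e.g. /update.apk
    if parsed.path.lower().endswith(".apk"):
        return True
    # APK name passed as a query parameter, e.g. ?file=mobile.apk
    for values in parse_qs(parsed.query).values():
        if any(v.lower().endswith(".apk") for v in values):
            return True
    return False


def flag_messages(messages):
    """Return (message_index, url) pairs for every sideload link found."""
    findings = []
    for idx, body in enumerate(messages):
        for url in extract_urls(body):
            if is_sideload_link(url):
                findings.append((idx, url))
    return findings


if __name__ == "__main__":
    for idx, url in flag_messages(SAMPLE_SMS):
        print(f"message {idx}: sideload link {url}")
```

The check is deliberately conservative: it only reacts to links that name an APK file, so ordinary links and official store links pass through, and the allow-list is the single place to adjust if a deployment trusts additional stores.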

Photo: myhsu/Flickr
