If the internet were a person, it would likely be riddled with disease. Malware is an ever-present threat, found on internet sites, in emails, and even in apps. A new Trojan has been making the rounds, and it is highly effective, targeting more than 130 apps associated with banks, cryptocurrency exchanges, and instant messaging platforms.
Malware Labeled ‘Weapon of Mass Infection’
The malware in question is dubbed Gustuff, and Russian cybersecurity firm Group-IB says it has been operating for a year. Hackers are spreading Gustuff to Android devices in order to gain access to users’ Android Accessibility feature.
Android Accessibility was created for people with disabilities so that certain UI interactions would become automated. Gustuff uses this access to give itself admin rights to target over a hundred apps associated with banks and cryptocurrency exchanges.
Group-IB says Gustuff is more sophisticated than similar Trojans because it implements an Automatic Transfer System (ATS), which means it can make banking transactions directly from the user’s infected device. Instead of stealing account data and sending it to the hacker, Gustuff will actually open apps, fill in the required data, and make financial transactions on its own.
Over 130 Apps Targeted
The number of apps being targeted by Gustuff is staggering. 32 cryptocurrency apps have been identified so far, such as Coinbase, BitPay, and Bitcoin Wallet. The malware is also targeting 100 banking apps, such as those from Capital One, TD Bank, JP Morgan, and PNC Bank.
Gustuff’s reach extends to popular messaging apps as well. Walmart, eBay, WhatsApp, Western Union, Skype, and Get Taxi are just some of the Android apps in the malware’s crosshairs.
Group-IB notes:
Using the Accessibility Service mechanism means that the Trojan is able to bypass security measures used by banks to protect against older generation of mobile Trojans and changes to Google’s security policy introduced in new versions of the Android OS.
Moreover, Gustuff knows how to turn off Google Protect; according to the Trojan’s developer, this feature works in 70 percent of cases.
The good news is that while Gustuff is powerful, it’s not very prevalent yet. It appears to be unable to bypass Google’s security scans, so it has not shown up in the Google Play Store.
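Because the Trojan depends on an enabled Accessibility service and has not appeared in the Google Play Store, one defensive check is to list which packages hold an enabled Accessibility service and flag those not installed by the Play Store. The following is an added example, not code from Group-IB or the original article; the sample device output and the `com.example.*` package names are constructed, and treating a non-Play installer as suspicious is a heuristic assumption.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of the Google Play Store

def parse_accessibility_services(raw):
    """Parse `adb shell settings get secure enabled_accessibility_services`.
    The value is a colon-separated list of package/ServiceClass components,
    or "null" when no service is enabled. Returns unique package names."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    packages = [comp.split("/", 1)[0] for comp in raw.split(":") if comp]
    return list(dict.fromkeys(packages))  # de-duplicate, keep order

def parse_installers(raw):
    """Parse `adb shell pm list packages -i` into {package: installer}."""
    installers = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def flag_suspect_services(services_raw, packages_raw, allowlist=()):
    """Return (package, installer) for each package with an enabled
    Accessibility service that was not installed by the Play Store.
    Preinstalled system apps often report installer=null, so put the
    ones you trust in `allowlist`."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg in parse_accessibility_services(services_raw):
        installer = installers.get(pkg, "unknown")
        if pkg not in allowlist and installer != PLAY_STORE:
            findings.append((pkg, installer))
    return findings

# Constructed sample output from a test device (not real indicators).
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.flashupdate/.CoreService"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, installer in flag_suspect_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {pkg} has an Accessibility service, installer={installer}")
```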
Source (https://bitcoinerx.com/crime-beat/weapon-of-mass-infection-malware-targeting-cryptocurrency-and-banking-apps/)