A cybersecurity company claims it has detected a form of malware that specifically targets consumers who hold accounts at major cryptocurrency exchanges and international banks.
Group-IB says the Trojan horse is affecting users of Android phones, and warns the malicious actors behind the software are trying to steal fiat and crypto assets.
The malware has been given the name “Gustuff,” with researchers claiming that its goal is to achieve “mass infections and maximum profit for its operators.”
According to Group-IB, the malware relies on phishing to achieve this, replicating the websites and branding used by legitimate companies to dupe unsuspecting consumers into entering their usernames and passwords. The research indicates that more than 30 cryptocurrency apps are being targeted in this way, including big names such as Bitcoin Wallet, BitPay and Coinbase.
It is believed that many of the infections achieved by Gustuff happen through text messages that contain links to the malware. Once an Android smartphone or tablet has been compromised, remote servers are used to target the victim’s contacts.
Illustrating the levels of sophistication deployed by the hackers, Gustuff also targets legitimate apps by filling forms with the attackers’ bank details – replacing the information that the victim may have stored in their device beforehand. Group-IB warned this mechanism “means that the Trojan is able to bypass the security measures used by banks to protect against older generations of mobile Trojans.”
Other risks associated with Gustuff include push notifications that appear to come from authentic companies, paving the way for fake software to be downloaded to victims’ devices. Files can be transferred from an Android phone without the owner’s knowledge, including screenshots and photographs. Group-IB says that the hackers are also able to return a phone to factory settings, which could be catastrophic if a victim fails to back up their device on a regular basis.
Group-IB goes on to claim that the malware has been advertised on forums used by hackers for $800 a month, where it was described as a “serious product for individuals with skills and experience.”
Experts are urging crypto enthusiasts who use Android phones to download apps for exchanges and banks only through Google Play, avoid third-party app stores, regularly install software updates and be vigilant when downloading files and opening URLs sent via SMS.