Variants of a Trojan that runs on Android smartphones target users of 32 cryptocurrency wallet apps, including coin-based exchanges and bill paying companies, as well as banking sites of major US banks such as JP Morgan, Wells Fargo and Bank of America.
According to an investigation by Group-IB, a cybercrime analysis company in Russia, the Trojan, detected for the first time, was named Gustuff. Gustuff is designed for mass infections and spreads via SMS messages that include links to Android package files.
The author of Gustuff said that he created an automatic transmission system by using the automatic input function for fields such as payment items commonly used in Android apps. Gustuff also aims to create a number of phishing pages that masquerade as real apps to steal information from users of 32 cryptocurrency apps. This structure allows automatic input: push notifications that borrow the icons of common apps lead to downloaded counterfeit content that mimics the real app or website. It also exploits Android's accessibility features, which were developed for people with disabilities.
#GroupIB uncovers #Android #Trojan #Gustuff capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications Gustuff is a new generation of #malware designed to steal fiat and crypto https://t.co/gUC9il5AKc pic.twitter.com/sBNvDelIrI
– Group-IB (@GroupIB_GIB) March 28, 2019
Group-IB has identified spoofed apps targeting more than 100 banking apps and 32 cryptocurrency apps, including 27 in the US, 17 in Poland, 10 in Australia, 9 in Germany, and 8 in India. PayPal Online Banking, Western Union, eBay, Wal-Mart, Skype, WhatsApp, and other payment systems and messenger apps are also among the targets. Group-IB warned Android users to download apps only from Google Play and to pay attention to the extensions of downloaded files.