According to the latest report from cybersecurity firm Group-IB, a new Android trojan developed by Russia-based cybercriminals is spreading across banking, cryptocurrency, and marketplace applications worldwide. The new malware, dubbed Gustuff, is designed to steal both authorization data and cryptocurrency from user accounts, the report stated.
According to the report, Gustuff could potentially target users of more than 100 banking apps, including 27 in the United States, 16 in Poland, 10 in Australia, 9 in Germany, and 8 in India, as well as users of 32 cryptocurrency apps.
Group-IB stated that its security team analyzed a sample of the malware and found that it uses several different methods to infect victims’ Android devices and gain access to bank accounts and digital wallets. It tricks users into downloading fake applications that look like real apps from popular digital currency service providers and financial institutions like J.P.Morgan, Wells Fargo, Capital One, Bitpay, Bitcoin Wallet, and Coinbase.
Gustuff abuses Android’s Accessibility Service, which is intended to help people with disabilities, to turn off Google Protect, bypass bank security controls, and automatically interact with banking and crypto exchange apps on the victim’s behalf.
“All new Android Trojans offered on underground forums, including Gustuff, are designed to be used mainly outside Russia, and target customers of international companies. In Russia, after the owners of the largest Android botnets were arrested, the number of daily thefts decreased threefold, Trojans’ activity became significantly less widespread, and their developers focused on other markets. However, some hackers patch and modify the Trojan samples and reuse them in their attacks on users in Russia,” said Rustam Mirkasymov, Head of Group-IB’s Dynamic Analysis of Malware department and threat intelligence expert.