AskCyberSecurity.com

New Gustuff Malware Steals Money from Banking Apps

2019-04-02 by Michelle Dvorak

Gustuff Android Malware Attacks Banking and Cryptocurrency Apps

A new malware, Gustuff, is spreading across Android phones and phishing for financial credentials from banking and cryptocurrency apps. Trojan horse malware Gustuff infects Android devices and impersonates banking apps to steal money from unsuspecting users. So far, the malware targets 100 banks and 32 cryptocurrency apps. It also uses the phone’s contact list and messaging apps to infect more devices. The malware was discovered by Russian cybersecurity firm Group-IB.

Gustuff malware phishes account credentials and creates fraudulent bank transactions by impersonating over 100 banking apps and 32 cryptocurrency apps. Banks targeted by the malware include Bank of America, Bank of Scotland, J.P. Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank. Cryptocurrency apps are not immune to this malware. Thirty-two cryptocurrency apps are also targeted by Gustuff, including BitPay, Cryptopay, Coinbase, and Bitcoin Wallet. The malware also targets other Android payment and messaging apps, including PayPal, Western Union, eBay, Walmart, Skype, WhatsApp, Gett Taxi, and Revolut, as well as others.

The malware is spread through app download sites, unofficial marketplaces, and via text messages. As soon as a new device is infected, the malware uses the contact list to infect other devices.

The malware can also reset the phone back to factory settings.

Gustuff Malware Steals Money from Apps

Gustuff malware uses SMS messages as part of a social engineering attack to infect more devices. Once a device is infected, the malware tricks the device owner into giving it permission to use the phone’s Android Accessibility service and gives itself admin rights. These Accessibility services are an aid intended for use by people with disabilities. The accessibility features automate various screen interactions and tap screen choices on the user’s behalf.

“Using the Accessibility Service mechanism means that the Trojan is able to bypass security measures used by banks to protect against older generation of mobile Trojans and changes to Google’s security policy introduced in new versions of the Android OS,” said Group-IB. “Moreover, Gustuff knows how to turn off Google Protect; according to the Trojan’s developer, this feature works in 70 percent of cases.”

The malware then shows fake login pages on top of other legitimate apps. It can autofill fields in legitimate banking apps with its own data during normal use. For example, a transfer can be directed to another bank account or cryptocurrency wallet.

The trojan malware can send push notifications to the device and impersonate any app. When the user selects the fake app, Gustuff opens a spoofed web page that phishes the login credentials. In other cases, when the user opens the legitimate app, the malware autofills the transaction information and uses the Accessibility service to automatically approve a money transfer to the hacker’s financial account.


How Gustuff Malware Infects Phones

Gustuff malware uses web fakes, which are fraudulent copies of real apps created by hackers to emulate the real apps. The spoofed web fakes look identical to their legitimate counterparts. Users are fooled into using the fake app because it looks just like their real banking app. When they enter their usernames and passwords, the information is stolen by the malware and sent to hackers.

Banking apps for major organizations like J.P. Morgan, Wells Fargo, and Bank of America are targeted by this malware and its web fakes. Twenty-seven apps targeted at US users were discovered. In addition, 16 apps specific to Poland, ten targeted at Australian users, nine for Germany, and eight in India are also spreading. Gustuff malware also spoofs payment apps PayPal, Revolut, and Western Union. Shopping apps eBay and Walmart, as well as messaging apps Skype and WhatsApp, are also targeted. In total, there are over 100 spoofed apps in use by Gustuff malware.

How to Stop Malware

The best way to protect your devices from hackers is to only download apps from official app stores like Google Play or the iTunes store. Do not click on any suspicious links in emails or messages, even if they are from people you know. Malware messages originate from a friend’s infected phone and will appear legitimate.

Filed Under: Malware Tagged With: Android, phishing

About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

