Cryptocurrency and banking apps targeted by new Android malware

A new Trojan horse malware is trying to steal fiat and crypto assets, the Next Web writes. The malware called “Gustuff” is designed specifically for Android phones, targeting customers of big international banks and cryptocurrency exchanges.

According to the cybersecurity company Group-IB which identified the new threat, Gustuff comes equipped with fully automated functionality that causes “mass infections and maximum profit for its operators.” The malware phishes for sensitive data utilising Android‘s accessibility features. 

“Using the Accessibility Service mechanism means that the Trojan is able to bypass security measures used by banks to protect against older generation of mobile Trojans and changes to Google’s security policy introduced in new versions of the Android OS,” said Group-IB.

Group-IB also warned the malware can mimic legitimate push notifications.

So far, 32 cryptocurrency apps have been targets, including Coinbase, BitPay, and Bitcoin Wallet. The malware also targets JPMorgan, Wells Fargo, and Bank of America clients, as well as payment systems and messenger services.

Group-IB discovered Gustuff spreads via SMS messages. It provides links to “malicious Android package kit files,” using contact lists to spread from user to user. Group-IB advises users only download apps from Google Play.