Gustuff Android banking trojan targets 125+ banking, IM, and cryptocurrency apps

March 29, 2019
http://www.zdnet.com/

A new Android banking trojan is starting to gain popularity in the cybercriminal underworld. Named Gustuff, the trojan has been around for almost a year, during which time it slowly received update after update, becoming a powerhouse in terms of features and targeting capabilities.

This Android banking trojan now joins the ranks of similar top-tier threats, such as Anubis, Red Alert, Exobot, LokiBot, and BankBot.

According to an analysis of Gustuff shared with ZDNet by cyber-security firm Group-IB, Gustuff can phish credentials and automate bank transactions for over 100 banking apps and 32 cryptocurrency apps.

Targets include known banks such as Bank of America, Bank of Scotland, J.P.Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank, but also cryptocurrency apps such as BitPay, Cryptopay, Coinbase, and Bitcoin Wallet.

In addition, the trojan can also phish credentials for various other Android payment and messaging apps, such as PayPal, Western Union, eBay, Walmart, Skype, WhatsApp, Gett Taxi, Revolut, and others.

Gustuff’s unique trick

Under its hood, Gustuff operates like all the other Android banking trojans on the market. It uses social engineering to trick users into giving it access to the Android Accessibility service, a feature meant for users with disabilities and a powerful tool that can automate various UI interactions and tap screen items on the user’s behalf.

Most Android banking malware uses this service to give itself admin rights and show the fake login pages on top of other apps. However, Gustuff abuses this service differently, and in a more complex and devious way than all its competitors.

“Trojans that use [the] Accessibility Service is indeed not a rare occurrence,” Rustam Mirkasymov, Head of Dynamic Analysis of Malware Department at Group-IB, told ZDNet yesterday. “Gustuff’s unique feature is that it is capable of performing ATS with the help of the Accessibility Service.”

ATS is a term specific to the banking (and banking malware) sector. It stands for Automatic Transfer Service. When used in the context of malware, it refers to a banking trojan’s ability to make transactions from an infected user’s computer, rather than stealing their account credentials and then using those credentials to steal money via other computers/smartphones.

Basically, thanks to the Android Accessibility service, Gustuff has implemented an ATS system right on the user’s phone. It can open apps, fill in credentials and transaction details, and approve money transfers on its own.

Banking trojans meant to infect Windows computers have been doing this for years, with the help of services like VNC, but ATSes are still a rare occurrence for Android banking trojans.

“The fact that Gustuff uses [an] ATS makes it even more advanced than Anubis and RedAlert,” Mirkasymov told ZDNet.

Not on the Google Play Store yet

But while the trojan is more advanced than most of its competition, it has not been that popular. Gustuff was never deployed inside apps uploaded on the official Google Play Store, as it currently appears to be unable to bypass Google’s security scans, unlike most of its rivals.

Currently, the only way threat actors have been seen distributing the trojan has been through SMS spam that carries links to the trojan’s APK installation file, Group-IB said.
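
A defender-side check for the two traits described above (an enabled Accessibility service, and an APK installed from outside Google Play), as an added example that is not part of the original article. It parses the text output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`; the trusted-installer list, the function names and the sample data are assumptions of this example.

```python
# Added example: flag enabled Accessibility services owned by sideloaded apps.
# Inputs are the text output of three adb commands (see the sample constants).
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

def parse_enabled_services(raw):
    """`settings get secure enabled_accessibility_services` output:
    colon-separated package/service components, or 'null' when none are set."""
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    pairs = (c.partition("/") for c in raw.split(":"))
    return [(pkg, svc) for pkg, sep, svc in pairs if pkg and svc]

def parse_packages(raw):
    """`pm list packages -i` (or `-s`) output -> {package: installer or None}."""
    result = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        result[fields[0][len("package:"):]] = installer
    return result

def flag_sideloaded_accessibility(services_raw, installers_raw, system_raw=""):
    """Return (package, service, installer) for each enabled Accessibility
    service whose package is neither preinstalled nor from a trusted store."""
    installers = parse_packages(installers_raw)
    system = set(parse_packages(system_raw))
    return [(pkg, svc, installers.get(pkg))
            for pkg, svc in parse_enabled_services(services_raw)
            if pkg not in system and installers.get(pkg) not in TRUSTED_INSTALLERS]

# Constructed sample data (not from a real device; com.example.* is made up).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.updater/.CoreService")
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.notes  installer=null
"""
SAMPLE_SYSTEM = "package:com.android.settings\n"

if __name__ == "__main__":
    for hit in flag_sideloaded_accessibility(SAMPLE_SERVICES, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print("review:", hit)
```

A hit is a prompt for review rather than a verdict: legitimate apps from other stores or enterprise deployment will also show a non-Play installer.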

The trojan has been on the market since April 2018, when its author first started advertising it on a well-known forum for Russian-speaking cybercriminals.

[Image: Gustuff ad. Credit: ZDNet, http://www.zdnet.com/]

Other Gustuff features

Besides having built an Accessibility Service-powered ATS, Gustuff also has other features. According to its ad, Gustuff can also turn off Google Play Protect, a security feature of the Google Play app; according to its author, this works in 70 percent of cases.

The trojan is also able to show custom push notifications that can pose as any app but, when clicked, either open a web page showing a phishing form to steal login credentials for a specific service, or open the legitimate app, where the trojan auto-fills transaction forms and uses the Accessibility service to automatically approve funds transfers.

Last, but not least, the trojan can also collect data from infected devices, such as documents, photos, and videos, if necessary. Its most insidious feature is Gustuff’s ability to reset a device to factory settings, in case trojan operators fear their presence on the device would ever be discovered.
