More than 100 banking apps are affected by a next generation Android trojan

Cybersecurity researchers have discovered a new and powerful android trojan dupped as ‘Gustuff’. Its capabilities are very versatile from stealing cryptocurrency from wallets to making fraudulent payments from services and e-commerce apps.

Gustuff represents the next generation of malware, it is so complete and has fully automated features.
During a malware analysis, it was found that the developer of this malware is a Russian hacker; its creation is exclusively designed to be used outside the country.

The threat is designed to spread via text messages and is targeting customers of more than 100 banks globally including several US-based such as Bank of America, Wells Fargo, and Capital One. It can also target more than 32 cryptocurrency apps, numerous e-commerce sites, and popular payment services such as Western Union, BitPay, and PayPal.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

Trojan modus operandi:
Gustuff starts its infection via SMS messages that are containing a link that directs the victim to an Android Package Kit (APK) file.
If anyone makes the mistake of clicking on the malicious link, Gustuff will be downloaded on the user’s device.

Typically, Android has a cybersecurity measure that prevents users from installing applications downloaded from unknown sources, many people opt for disabling this security option. If so the malicious application will ask the victim to accept a number of permissions. Once the infection is complete, the malware will spread further using the contacts list on the infected device.

The main trojan functionality is based on exploiting Android Accessibility Services
Gustuff is designed to leverage every feature of Android Accessibility Service in order to fully interact with online banking apps, crypto wallet, applications for payment services, e-commerce sites and, other apps.
Another powerful capability of the trojan is the one that pushes out fake notifications that appear to be from legitimate banking and other targeted apps that are installed on the infected device.

If the fake push is clicked, the malware will then download a Web page that appears to belong to the banking or other apps that sent the notification
Even if the malware Gustuff is a next-gen one, cybersecurity researchers are saying that its main logic of infection it is based on an old human error which is the irresponsibility of downloading Android apps from outside the Google Play app store. Remember that third-party app sites continue to be by far the biggest source of Android malware and also remember to always double check the granted extra permissions that you give to your applications!

We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.