A powerful Android bank Trojan Gustuff aimed at more than 100 bank apps and 32 cryptocurrency apps on the market. In addition to stealing victims’ financial accounts, it can automatically execute transactions without permission.
Hackers mainly spread Gustuff by sending SMS that contains malicious APK file links to Android users. Once Android users download and install Gustuff, the Trojan can receive commands from remote servers and send malicious messages to victims’ contacts, expanding the scope of Trojan infection.
Gustuff has the ability to display bogus notifications based on legal program icons. When the victims click on the notification, there may be two consequences. On one hand, a window may pop up and ask victims to enter user name and password. On the other hand, it may open legal app and automatically fill it the payment detail automatically to make illegal transfer.
The former is the commonest method used by banking Trojan to steal victims’ financial accounts & passwords. The later relies on Gustuff’s distinctive capability – Automatic Transfer Systems (ATS) which automatically fills in or tampers with the payment bar in financial procedures.
In order to perform ATS, Gustuff took advantage of the Accessibility Service on the Android platform to bypass the bank app’s security mechanisms, allowing Gustuff to interact with these bank programs to perform illegal transfers. In addition, Gustuff can also turn off Google Protect, with a success rate of up to 70%.
Gustuff not only locks in numerous bank and cryptocurrency apps, but also compromises various app stores, online shopping, payment systems or SMS programs, including PayPal, Western Union, eBay, Walmart, Skype and WhatsApp. In addition to stealing financial accounts or credit card fraud, it can also send text messages, screenshots or photos on the hacked device to a remote server, or remotely restore the device to factory settings.
Gustuff was firstly found in Russia and has been through the government sweep on Android botnet. The local hackers now target the international market.
Published by Emerson L. Sullivan & last updated on April 1, 2019 2:51 am