Android mobile phone users need to be aware of the recent Trojan malware just discovered by cybersecurity firm Group-IB which appears to be tailored towards stealing fiat and cryptocurrency. Malware is any piece of software designed to damage a network or gain access to information without the user’s knowledge.
source
In fact the attack is called Trojan because it is exactly like a Trojan horse which in Greek mythology was once given by the Trojan Empire to their enemy during a war between the two. It was actually a war tactic to gain access to the enemy’s walled city by building a large horse sculpture as an apparent gift left at the gates.
When the enemy opened the gates and took it in, thinking it a gift, the Trojan soldiers hiding inside the giant sculpture jumped out and attacked the city, gaining a victory by this ruse.
In the same way, a Trojan malware is usually executed by the victim themselves, who unknowingly accepts the piece of software or allows it access while it is disguised as something else. In this case the malware named “Gustuff” is spread via SMS message which has links to load fake malicious Android package kit files. This is a weapon of mass infection which has been around since 2018 but has never been reported or analysed until now.
It apparently comes with this raft of fake websites that mimic genuine apps and use phishing to obtain your sensitive data like usernames and passwords. So far 32 apps like Coinbase, Bitpay and Bitcoin Wallet have been targeted, as well as many leading banks like J.P. Morgan, Wells Fargo and Bank of America.
Other payment systems that have been affected include PayPal, Revolut, Western Union, eBay, Walmart, Skype and WhatsApp. Many of us use these facilities so this is really a cause for concern and demands a heightened degree of awareness now.
The hackers who built this Trojan used special “automatic transfer systems” (ATS) to speed up and scale the thefts. The ATS maliciously autofills the fields in legitimate apps which then reroutes payment transfers to the accounts of the hackers. So you may not even know it is happening to you until later. As many as 27 different fake crypto apps have been targeted so far in the USA alone. Other targeted countries include Poland, Australia, Germany and India. Curiously the “Gustuff” Trojan exploits a vulnerability in the accessibility designed for disabled users, making it quite rare and dangerously effective.
It seems the malware knows how to bypass changes to Google’s security policy and turn off the Google Protect feature.
It’s amazing to note that this particular malware has been for a year already, since April 2018, being first traced to a Russian cybercriminal named “Bestoffer” on a particular hacker forum. It does however target users of companies outside Russia primarily. These types of malware are sold or leased for up to $800 per month to any tech savvy would-be criminals, making it a constant concern of the rest of society. Sometimes hackers do get caught, fortunately and after the owners of one of the largest Android botnets were arrested recently, the number of daily hacks decreased threefold.
However, there are always new hackers to take their place and modify the Trojans available for exploitation.
The solution is obviously to only download your apps from Google Play and never install apps from third-party stores. Also be sure to install software updates and pay attention to any extensions on your downloaded files, and for now avoid any suspicious SMS links. It’s up to us to provide the last line of defense for our appliances and online presence since companies aren’t always able to do so, as much as they try.
Trojans are specifically insidious and hide in plain sight, completely fooling the unsuspecting user.
Modern tech has certainly made our lives easier but it has also facilitated the criminal world who are often the ones at the forefront of any new tech development, so warnings like these really need to be taken seriously, particularly since our fiat and cryptocurrency is the target here.