Fri. Apr 26th, 2024
Google Play Store malware

Android has always been a topic of debate when it comes to malicious apps available on its app store. Malware keeps finding ways to infect users, invade their privacy and harm both the user and the device, sometimes even when an antivirus is present. Recently, the Google Play Store was found to host malware called SimBad, which infected more than 200 apps and was later removed by Google.

Now, according to a report by GBHackers, a fully automated malware called Gustuff is targeting more than 100 banking apps, 32 cryptocurrency apps and many other personal apps such as WhatsApp and Messenger. The Gustuff malware uses Android’s accessibility services to steal login credentials for more than 100 national and international bank and crypto apps.

According to information provided by Group-IB, “the 100 banking apps include 27 in the US, 16 in Poland, 10 in Australia, 9 in Germany, and 8 in India and 32 cryptocurrency apps users.”

Google ships an accessibility service with Android that lets users customize their device by modifying accessibility settings and tailor the experience to their needs. It includes features designed for people with visual, hearing, physical or speech impairments. With these features, people with these disabilities can interact with webpages and apps easily.

The Gustuff malware was designed as a classic banking trojan but now contains fake webpages. Later, the malware's capabilities were improved to target online stores, payment systems, banking apps, crypto services, and several chat apps.

The malware has been reported to target various popular bank apps such as Bank of America, Bank of Scotland, Capital One, TD Bank, PNC Bank, J.P. Morgan and Wells Fargo, and cryptocurrency services such as Bitcoin Wallet, BitPay, Cryptopay, Coinbase, etc.

Although the infection process is similar to that of any other malware, Gustuff’s use of accessibility services is unusual. The malware is distributed through SMS messages containing a link; clicking the link downloads an APK file to the device. Once installed, it spreads further through the victim's contacts and later uses the accessibility service to interact with various banking apps, cryptocurrency wallets, Messenger, WhatsApp, etc.

The Gustuff malware was created by a Russian-speaking cybercriminal in order to target customers of international companies.

“The malware is capable of performing an action such as change the values of the text fields in banking apps, Push fake notification requesting payment card details and with the help of Accessibility Service it automatically fills details and performs unauthorized transactions,” as per the analysis by Group-IB.

Google has been making efforts to make the Play Store more secure and less likely to be infected with malware and adware apps.

Yesterday, Google released its fifth annual security and privacy report. The report states an increase in potentially harmful application (PHA) downloads, as click fraud is now included in the PHA category. Nevertheless, Google expressed optimism, saying the “overall health of the Android ecosystem improved.”

The percentage of PHAs downloaded from Google Play Store increased from 0.02 percent in 2017 to 0.04 percent in 2018. “If we remove the numbers for click fraud from these stats, the data shows that PHAs on Google Play declined by 31 percent year-over-year,” the report says.
