Cryptocurrency and banking apps targeted by new Android malware


A new Trojan horse malware is trying to steal fiat and crypto assets, The Next Web writes. The malware, called “Gustuff,” is designed specifically for Android phones and targets customers of big international banks and cryptocurrency exchanges.

According to the cybersecurity company Group-IB, which identified the new threat, Gustuff comes equipped with fully automated functionality that causes “mass infections and maximum profit for its operators.” The malware phishes for sensitive data by abusing Android’s accessibility features.

“Using the Accessibility Service mechanism means that the Trojan is able to bypass security measures used by banks to protect against older generation of mobile Trojans and changes to Google’s security policy introduced in new versions of the Android OS,” said Group-IB.

Group-IB also warned the malware can mimic legitimate push notifications.

So far, 32 cryptocurrency apps have been targets, including Coinbase, BitPay, and Bitcoin Wallet. The malware also targets JPMorgan, Wells Fargo, and Bank of America clients, as well as payment systems and messenger services.

Group-IB discovered that Gustuff spreads via SMS messages that carry links to “malicious Android package kit files,” using contact lists to spread from user to user. Group-IB advises users to download apps only from Google Play.
