Bitcoin Forum
Author Topic: Cryptocurrency and banking apps targeted by new Android malware  (Read 298 times)
Pab (OP)
March 28, 2019, 10:07:43 PM
 #1

A new Trojan horse malware is trying to steal fiat and crypto assets, the Next Web writes. The malware called “Gustuff” is designed specifically for Android phones, targeting customers of big international banks and cryptocurrency exchanges.

https://www.theblockcrypto.com/tiny/cryptocurrency-and-banking-apps-targeted-by-new-android-malware/

Cryptocurrency apps have been targets, including Coinbase, BitPay, and Bitcoin Wallet. The malware also targets JPMorgan, Wells Fargo, and Bank of America clients, as well as payment systems and messenger services.

Group-IB discovered Gustuff spreads via SMS messages. It provides links to “malicious Android package kit files,” using contact lists to spread from user to user. Group-IB advises users only download apps from Google Play.

 
adzino
March 28, 2019, 10:12:17 PM
 #2

A new Trojan horse malware is trying to steal fiat and crypto assets, the Next Web writes. The malware called “Gustuff” is designed specifically for Android phones, targeting customers of big international banks and cryptocurrency exchanges.

https://www.theblockcrypto.com/tiny/cryptocurrency-and-banking-apps-targeted-by-new-android-malware/

Cryptocurrency apps have been targets, including Coinbase, BitPay, and Bitcoin Wallet. The malware also targets JPMorgan, Wells Fargo, and Bank of America clients, as well as payment systems and messenger services.

Group-IB discovered Gustuff spreads via SMS messages. It provides links to “malicious Android package kit files,” using contact lists to spread from user to user. Group-IB advises users only download apps from Google Play.
Of course anyone who will act dumb deserves to get scammed as this will help them to keep them aware of future scams and keep them safe. Downloading random stuff from an unknown third-party source is always risky and no one should actually do this. This is all just basic common sense.
And if you are using online wallets like Coinbase, then please stop using those wallets. You are prone to getting scammed/hacked!

hatshepsut93
March 28, 2019, 10:35:24 PM
Merited by pooya87 (1)
 #3

Of course anyone who will act dumb deserves to get scammed as this will help them to keep them aware of future scams and keep them safe. Downloading random stuff from an unknown third-party source is always risky and no one should actually do this. This is all just basic common sense.
And if you are using online wallets like Coinbase, then please stop using those wallets. You are prone to getting scammed/hacked!

This is like saying "if you forgot to lock your door, you deserve to get robbed and murdered". A huge percentage of the population, especially the elderly and people with poor education, are not very tech-savvy, and it's unrealistic to expect everyone to know how malware and OSes work and to know all security best practices. It is the duty of all software developers to make their programs as resistant to malware as possible. Blaming the user doesn't work in the real world, because users will just stop using the product.
BitMaxz
March 28, 2019, 10:46:41 PM
 #4

This kind of strategy through SMS is an old strategy to spread a virus like on Symbian OS Nokia series before it may spread a virus that may damage your phone or monitor all of your activity like a keylogger. So it isn't possible to happen too in Android OS that may steal all of your crypto assets.

That is why if you receive something suspicious on SMS, don't click it; instead use a 3rd-party app that may block the number and mark it as spammy.

Also, beware of using clone Android phones or any MTK or Dragon CPU based phones because they don't have protection compared to original phones like Samsung. Also, don't root your phone because if it's rooted the virus can easily bypass your security remotely and steal your sensitive information.

xWolfx
March 28, 2019, 10:55:26 PM
 #5

This kind of strategy through SMS is an old strategy to spread a virus like on Symbian OS Nokia series before it may spread a virus that may damage your phone or monitor all of your activity like a keylogger. So it isn't possible to happen too in Android OS that may steal all of your crypto assets.

That is why if you receive something suspicious on SMS, don't click it; instead use a 3rd-party app that may block the number and mark it as spammy.

Also, beware of using clone Android phones or any MTK or Dragon CPU based phones because they don't have protection compared to original phones like Samsung. Also, don't root your phone because if it's rooted the virus can easily bypass your security remotely and steal your sensitive information.

And not only SMS, same with mail, chats or any other social network/communication platforms.

A phishing link could spread in a lot of ways not only that, even from an infected friend or a hacker impersonating your friend's email, for example by using something that looks alike or has the same name. Since with the things we do often we tend to not look too carefully into it.

It's surprising how many changes we could miss when they are inside the house we live in for example.
MakeMoneyBtc
March 29, 2019, 02:05:59 AM
 #6

Of course anyone who will act dumb deserves to get scammed as this will help them to keep them aware of future scams and keep them safe. Downloading random stuff from an unknown third-party source is always risky and no one should actually do this. This is all just basic common sense.
And if you are using online wallets like Coinbase, then please stop using those wallets. You are prone to getting scammed/hacked!
It's not only the user's responsibility to protect themselves against malware viruses, as developers of an app should take care of that by creating a secure system that protects their customers' money. People can't do much against malware programs because most of the time they come from where you least expect, and it's almost impossible to notice that your device was infected with malware.
You can't just tell people to stop using these wallets because this would mean stop using bitcoin wallets at all, since every single wallet is targeted by hackers.
Bitinity
March 29, 2019, 02:50:31 AM
 #7

It is not surprising to see many scam attempts through malware and it is obviously the user's responsibility to keep their assets safe. Downloading apps from Google Play is not 100% safe as there can be copied versions of the original application, although most of the time Google Play will delete it once the copied version is detected as a bad app. We have to make sure that we are downloading the original/official application, but it is still better not to use an Android application to store our assets.
mk4
March 29, 2019, 03:07:32 AM
 #8

For software wallets, I always suggest using a mobile phone instead of a computer, but unfortunately smartphones are slowly but surely closing up to computers in terms of how frequently they're being targeted by malware and viruses. Regardless, another perfect reason to not be cheap and invest in a good and reputable hardware wallet.

Hasn't malware always been about getting money? No surprise it's targeting banks and crypto.
Mostly for monetization purposes, but not necessarily stealing money. Some are for botnet usage, spreading PPC links, etc.

amishmanish
March 29, 2019, 04:23:53 AM
 #9

This is the part that I always get worried about as a partly tech-savvy user. For example, I understand the don'ts:
1. Shouldn't download anything other than apps appearing on Google Play.
2. Don't click on random SMS links.

Now this part in the TNW article is scary:
Quote
The extent of Gustuff’s tricks is no joke. Push notifications featuring legitimate icons are said to appear. If they are clicked, either a web fake for the app is downloaded (in which a user could enter their sensitive data) or Gustuff will maliciously fill payment fields automatically to trigger illicit transactions at the server’s command.

I have a few questions in this regard:

1. Can these "Push notifications" appear without you doing any of the two activities I listed above? If yes, then how?
2. What kind of vetting process do apps "verified" by Google Play go through? For example, a few days back, I installed some third-party crypto-wallet on mobile (being offered by some ICO-based company, CELER network I think, worked like crap so uninstalled). Now, what risk do I run considering that these apps aren't open-source?

I remember gmaxwell posting somewhere that it is best never to install any closed source applications when it comes to crypto-wallets.
traderethereum
March 29, 2019, 04:33:04 AM
 #10

I don't mind if the malware targets JPMorgan as the next victim oooppss Grin

Joking.

But yes, crypto users install so many apps on their Android because they want to know a new app that could help them to make money. The Google Play Store itself cannot always protect the user, and it's the responsibility of each user to protect their Android.
The reviews on the apps don't guarantee that the apps are very good because we don't know who the user is, so make sure to be careful when you want to install any apps on your Android.

joniboini
March 29, 2019, 05:01:34 AM
 #11

Also, don't root your phone because if it's rooted the virus can easily bypass your security remotely and steal your sensitive information.

We can use SU manager to block apps. Use Magisk Manager and you're good to go because most of the time they'll notify you if there is an app requesting root access. I personally root my phone and am always careful when I download apps from the internet.

davis196
March 29, 2019, 05:03:47 AM
 #12

A new Trojan horse malware is trying to steal fiat and crypto assets, the Next Web writes. The malware called “Gustuff” is designed specifically for Android phones, targeting customers of big international banks and cryptocurrency exchanges.

https://www.theblockcrypto.com/tiny/cryptocurrency-and-banking-apps-targeted-by-new-android-malware/

Cryptocurrency apps have been targets, including Coinbase, BitPay, and Bitcoin Wallet. The malware also targets JPMorgan, Wells Fargo, and Bank of America clients, as well as payment systems and messenger services.

Group-IB discovered Gustuff spreads via SMS messages. It provides links to “malicious Android package kit files,” using contact lists to spread from user to user. Group-IB advises users only download apps from Google Play.

SMS spam is more dangerous than the old-school email spam, because people tend to trust SMS messages more (and there aren't any SMS spam filters, AFAIK). However, I would never download and install any apps that aren't listed on Google Play (an app being listed on Google Play isn't a safety guarantee though).

alisafidel58
March 29, 2019, 05:42:13 AM
 #13

That is why I don't click or download things that are suspicious. You need to be more cautious nowadays; you will be at risk if you keep playing dumb when someone sends a link to you.

Nadziratel
March 29, 2019, 05:59:22 AM
 #14

A new Trojan horse malware is trying to steal fiat and crypto assets, the Next Web writes. The malware called “Gustuff” is designed specifically for Android phones, targeting customers of big international banks and cryptocurrency exchanges.

https://www.theblockcrypto.com/tiny/cryptocurrency-and-banking-apps-targeted-by-new-android-malware/

Cryptocurrency apps have been targets, including Coinbase, BitPay, and Bitcoin Wallet. The malware also targets JPMorgan, Wells Fargo, and Bank of America clients, as well as payment systems and messenger services.

Group-IB discovered Gustuff spreads via SMS messages. It provides links to “malicious Android package kit files,” using contact lists to spread from user to user. Group-IB advises users only download apps from Google Play.

I'm an Android user, and unfortunately the disadvantages of using Android's open source software store carry a lot of risk for us. I'm especially careful not to put too much sensitive content on my phone, but this protection can be effective.

I am about to buy a new hardware wallet because of this problem.

Broly46
March 29, 2019, 06:40:35 AM
 #15

Creating malware seems to be an easier way to earn crypto, and it is easier to create malware than to work in a successful ICO; it’s very positive to me that malware can be a hype soon.

nickyhash
March 29, 2019, 10:37:40 AM
 #16

step 1)  ENCRYPT YOUR PHONE
step 2) Verify software sources
step 3) use long alphanumeric passphrases (add special characters if possible)
step 4) Encrypt/Passphrase protect EVERYTHING
step 5) use a cold storage solution for large funds, only keep small amounts on connected devices
Haunebu
March 29, 2019, 10:46:04 AM
 #17

Creating malware seems to be an easier way to earn crypto, and it is easier to create malware than to work in a successful ICO; it’s very positive to me that malware can be a hype soon.
What in the world are you talking about? Are you trying to encourage people to develop malware in order to steal money? This is like telling people that it is easier to rob an ATM than to work in a day job for 8-10 hours. Think before posting such nonsense.

Coming to the topic, mobile wallets were never that secure in the first place which is why paper and hardware wallets are much better solutions in this regard.

Mpamaegbu
March 29, 2019, 10:54:02 AM
 #18

Of course anyone who will act dumb deserves to get scammed as this will help them to keep them aware of future scams and keep them safe. Downloading random stuff from an unknown third-party source is always risky and no one should actually do this. This is all just basic common sense.
And if you are using online wallets like Coinbase, then please stop using those wallets. You are prone to getting scammed/hacked!

This is like saying "if you forgot to lock your door, you deserve to get robbed and murdered". A huge percentage of the population, especially the elderly and people with poor education, are not very tech-savvy, and it's unrealistic to expect everyone to know how malware and OSes work and to know all security best practices. It is the duty of all software developers to make their programs as resistant to malware as possible. Blaming the user doesn't work in the real world, because users will just stop using the product.
I know we all can't be truly careful this day of improved high tech. To curtail all these one should only download certified apps (that's apps rated at least 4+) from the Android Play Store (if one uses Android, that is). This is what I do. I like to read reviews on apps before downloading and installing them.

vv181
March 29, 2019, 11:35:11 AM
 #19

This is the part that I always get worried about as a partly tech-savvy user. For example, I understand the don'ts:
1. Shouldn't download anything other than apps appearing on Google Play.
2. Don't click on random SMS links.
~
2. What kind of vetting process do apps "verified" by Google Play go through? For example, a few days back, I installed some third-party crypto-wallet on mobile (being offered by some ICO-based company, CELER network I think, worked like crap so uninstalled). Now, what risk do I run considering that these apps aren't open-source?
Actually, trusting an app within Google Play isn't enough. It is an old story that the Play Store is bloated with malware applications. I don't know for sure why Google lets this happen.

AFAIK, about the application listing on the Google Store, I don't see any effective technologies being used to overcome any malware application being listed. For sure it could be the reason why it is full of malware apps.

Anyway, the recent Android OS security system already has a good practice. The user is informed about all application activity that requires the use of anything involving a private action, and the user decides to allow it or not.
Artemis3
March 29, 2019, 11:56:24 AM
 #20

Of course anyone who will act dumb deserves to get scammed as this will help them to keep them aware of future scams and keep them safe. Downloading random stuff from an unknown third-party source is always risky and no one should actually do this. This is all just basic common sense.
And if you are using online wallets like Coinbase, then please stop using those wallets. You are prone to getting scammed/hacked!

This is the same as the other phishing scams, such as that fake Electrum wallet that too many forum members fell for, people dumb enough to lose half or even a million dollars by doing the most ridiculous thing: trusting a rogue download link. And as long as the world has such dumb people around, so will phishers exist. I mean, how many here are still using Windows with their wallets? No wonder this still happens.

Too lazy to use Linux, too lazy to make a paper (cold) wallet, too lazy to verify a download link, too lazy to check a program signature or cryptosum, too lazy to put large funds into the cold wallet and only keep the spare change in the hot one, etc.
