Android has always been a centre of discussion when it comes to availability of malicious apps on its platform. Users keep discussing if they need an Antivirus app or not but the fact is Malware always finds a way to infect users, invade their privacy and harm them in any manner possible.
According to a report by GBHackers, a fully automated malware called Gustuff is targeting more than 100 banking, 32 Cryptocurrency and many other personal apps like WhatsApp and Messenger. The Gustuff malware takes advantage of Android’ accessibility service and steals login credentials of 100+ national and international bank and crypto apps.
Gustuff Uses Accessibility Services to Interact with Apps
As per the information provided by Group-IB, ” the 100 banking apps include 27 in the US, 16 in Poland, 10 in Australia, 9 in Germany, and 8 in India and 32 cryptocurrency apps users.”
The primary goal of accessibility services in Android devices is to allow users to customize their device by modifying accessibility settings and enhance the experience as per their need. It includes various features designed for especially for people with disabilities related to visual, hearing, physical or speech impairments. These features make such people able to interact with web pages and apps easily.
The new Gustuff malware contains fake pages but it was initially designed as a classic banking trojan. Later, its capabilities have been enhanced to target online stores, payment systems, banking apps, crypto services, and several chatting apps.
Talking about banks, it’s targeting banking app users of many popular banks such as Bank of America, Bank of Scotland, Capital One, TD Bank, PNC Bank, J.P.Morgan, Wells Fargo and Cryptocurrency services such as Bitcoin Wallet, BitPay, Cryptopay, Coinbase, etc.
Though the process of infection is similar to some other malware, making its way through accessibility isn’t that usual. Gustuff Android malware distributed through SMS that contains a link to download apk files, once it gets installed on the device, further spreads through contacts and ultimately uses accessibility services to interact with the various banking apps, cryptocurrency wallets, Messenger, WhatsApp, etc.
“The malware is capable of performing an action such as change the values of the text fields in banking apps, Push fake notification requesting payment card details and with the help of Accessibility Service it automatically fills details and performs unauthorized transactions,” as per the analysis by Group-IB.
Google is improving its Android ecosystem and its best to remove suspicious apps and make the platform safer. Meanwhile, you must check the permissions before installing any random app and never allow the access privileges to unknown apps. Lastly, Gustuff malware is designed by Russian-speaking cybercriminal to target customers of international companies.