New Trojan attacking our Androids means we should never let our guard down when going online

in #crypto, 6 years ago

Android mobile phone users need to be aware of a Trojan recently discovered by cybersecurity firm Group-IB that appears to be tailored towards stealing fiat and cryptocurrency. Malware is any piece of software designed to damage a network or gain access to information without the user’s knowledge.



In fact the attack is called Trojan because it is exactly like a Trojan horse which in Greek mythology was once given by the Trojan Empire to their enemy during a war between the two. It was actually a war tactic to gain access to the enemy’s walled city by building a large horse sculpture as an apparent gift left at the gates.

When the enemy opened the gates and took it in, thinking it a gift, the Trojan soldiers hiding inside the giant sculpture jumped out and attacked the city, gaining a victory by this ruse.

In the same way, Trojan malware is usually executed by the victims themselves, who unknowingly accept the piece of software or allow it access while it is disguised as something else. In this case the malware, named “Gustuff”, is spread via SMS messages containing links that load fake, malicious Android Package Kit (APK) files. This is a weapon of mass infection which has been around since 2018 but has never been reported or analysed until now.

It apparently comes with a raft of fake websites that mimic genuine apps and use phishing to obtain sensitive data such as usernames and passwords. So far 32 apps like Coinbase, Bitpay and Bitcoin Wallet have been targeted, as well as many leading banks like J.P. Morgan, Wells Fargo and Bank of America.

Other payment systems that have been affected include PayPal, Revolut, Western Union, eBay, Walmart, Skype and WhatsApp. Many of us use these facilities so this is really a cause for concern and demands a heightened degree of awareness now.

The hackers who built this Trojan used special “automatic transfer systems” (ATS) to speed up and scale the thefts. The ATS maliciously autofills the fields in legitimate apps, which reroutes payment transfers to the hackers’ accounts, so you may not even know it is happening to you until later. As many as 27 different fake crypto apps have been targeted so far in the USA alone. Other targeted countries include Poland, Australia, Germany and India. Curiously, the “Gustuff” Trojan exploits a vulnerability in the accessibility features designed for disabled users, making it quite rare and dangerously effective.

It seems the malware knows how to bypass changes to Google’s security policy and turn off the Google Protect feature.

It’s amazing to note that this particular malware has been around for a year already, since April 2018, having first been traced to a Russian cybercriminal named “Bestoffer” on a particular hacker forum. It does, however, primarily target users of companies outside Russia. These types of malware are sold or leased for up to $800 per month to any tech-savvy would-be criminals, making them a constant concern for the rest of society. Fortunately, hackers do sometimes get caught, and after the owners of one of the largest Android botnets were arrested recently, the number of daily hacks decreased threefold.

However, there are always new hackers to take their place and modify the Trojans available for exploitation.

The solution is obviously to only download your apps from Google Play and never install apps from third-party stores. Also be sure to install software updates and pay attention to any extensions on your downloaded files, and for now avoid any suspicious SMS links. It’s up to us to provide the last line of defense for our appliances and online presence since companies aren’t always able to do so, as much as they try.
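A way to check a phone against the advice above, as an added example (not from the original article or from Group-IB): it parses `adb` output to list user-installed apps that did not come from Google Play and marks those that also hold an enabled accessibility service, the capability the article says Gustuff abuses. The sample outputs and all package names are constructed.

```python
import re

PLAY_STORE = "com.android.vending"  # installer recorded for Google Play installs

# Constructed sample output of: adb shell pm list packages -3 -i
SAMPLE_PACKAGES = """\
package:com.example.wallet  installer=com.android.vending
package:org.example.screenreader  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.sideloadedgame  installer=com.android.packageinstaller
"""

# Constructed sample output of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_ACCESSIBILITY = (
    "org.example.screenreader/.ReaderService:"
    "com.example.flashupdate/com.example.flashupdate.core.HelperService"
)

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)\s*$")


def parse_installers(pm_output):
    """Map each user-installed package to its installer (None if unrecorded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            inst = m.group("inst")
            installers[m.group("pkg")] = None if inst == "null" else inst
    return installers


def parse_accessibility(setting_value):
    """Return the packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if not value or value == "null":  # setting is empty or was never set
        return set()
    # Entries are colon-separated components of the form package/ServiceClass.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def audit(pm_output, setting_value):
    """List non-Play apps as (package, installer, has_accessibility),
    with accessibility holders first because they deserve review first."""
    a11y = parse_accessibility(setting_value)
    findings = [
        (pkg, inst, pkg in a11y)
        for pkg, inst in parse_installers(pm_output).items()
        if inst != PLAY_STORE
    ]
    return sorted(findings, key=lambda f: (not f[2], f[0]))


if __name__ == "__main__":
    for pkg, inst, has_a11y in audit(SAMPLE_PACKAGES, SAMPLE_ACCESSIBILITY):
        level = "REVIEW FIRST" if has_a11y else "sideloaded"
        print(f"{level:12} {pkg} (installer: {inst or 'none recorded'})")
```

A Play Store installer value does not prove an app is benign; the list only narrows down which apps to look at first.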

Trojans are especially insidious: they hide in plain sight, completely fooling the unsuspecting user.

Modern tech has certainly made our lives easier but it has also facilitated the criminal world who are often the ones at the forefront of any new tech development, so warnings like these really need to be taken seriously, particularly since our fiat and cryptocurrency is the target here.


Dear @runicar

I'm a NOKIA user myself, so I do not have to worry about such threats. But it is surely very valuable information.

I hope you don't mind that I will share it with a wider audience and attract some traffic to your publication, as I would also like to hear feedback coming from other people :)

Yours
Piotr

This is the kind of mess that makes me happy I do not use a phone. By all means use the Google Play store, since the NSA has got your back!

Nothing is secure in the online world. I change passwords often and I am glad to let others do my worrying and research for me. Everyone is still fat, so I need to stay on message as best I can.

Neither do I have a phone, and I'm glad I don't – for 2 reasons.

First, security. Just being online when using my computer means that I'm open to invasion or attack. Using a VPN helps, but even that is not a perfect solution.

Second, freedom. When at home, I spend plenty of time on my computer. When I go out, I see many people virtually chained to their smartphones, even here in Thailand and even on my recent extended stay in Laos. I wanna keep in touch with the real world, and I can do so much more effectively if I don't carry a phone with me.

Good luck in your continued campaign to help people become healthy. (And maybe we can also launch a mini campaign to get people off their bloody phones!!)

You should do a Google search for "NOKIA Phone hacked". You are not safe. There is no 100% safe system out there other than to not use a computer for any financial transactions, but then again your bank and financial institutions are subject to being hacked and your identity stolen through that hack.

Hey @crypto.piotr

Thanks for stopping by and sharing my content with your friends, I greatly appreciate it!

I agree with @bashadow, no phone or device is 100% safe. Hackers are getting wittier by the day :D

@crypto.piotr thank you so much for sharing the link to this post with me. I might have missed it if you hadn't done so.

Posted using Partiko Android

This is one of those topics I usually refrain from commenting, but I really care about people and would love to see more freeing themselves from another shackle, since, mobile phones are the second biggest form of control of the masses (money is the biggest), and from what can be seen mobile phones whether smart or not, don't really help anybody, in fact it enslaved most, even more..

Anyway, of all the bad choices You selected the best, if You really think You need a mobile device, NOKIA is the one to go with.. And before getting eaten alive by the mobile phone users (and I know You don't like external links still..), You should really start by checking this and develop further study by yourself on this matter, don't believe me, research on Your own.. https://www.activistpost.com/2018/01/your-cell-phone-is-a-psychotronic-weapon-of-mass-mind-control.html

Dear @cyberspacegod

Why do you refrain from commenting on such topics? Any particular reason?

And thank you for sharing with me this link. Appreciate :)

Yours
Piotr

Hey brother,

To be fully honest about why I do refrain from commenting some topics sometimes, beside being an introvert human that is fighting that to at least benefit the "whole" by questioning the "unquestionable" that the masses believe, said to us all by cult leaders, whether from States, governments, news (at this point both MSM and a great part of alternatives too), popes, priests, so called scientists, schools (the present education system is stupefying students instead of developing independent thought, incentivise curiosity, thirst for knowledge and understanding..), and after indoctrination, by the ones surrounding us, ostracizing the ones who think different because they actually decided to take responsibility on their actions and did the research by themselves, I'm getting tired of people not being able to understand that they're supporting their own enslavement in exchange of some materialistic "commodity", then whining about it not working as "it should" or being suddenly changed, attacked, hacked, because they didn't do the simple yet extensive work of researching and actually changing their current self-destructive ways, of not being able to understand in a logic and truthful way nature around them, of following scientism and not understanding what science really is by themselves (I'm already repeating myself), not because someone they don't know tells them so, of not following their heart, following propaganda, a lot of other stuff, and of being in this fight, ostracized for too long, yet, not being able to quit because once You expand Your mind and know something its impossible to go back and live as if it wasn't nothing as if it didn't exist in the first place..

I used to hack stuff, to code trojans, viruses, cracking applications, games, picking the most various kinds of locks, played with a lot of chemistry, had planned and started to develop an "alter ego" device, only to get rid of it and trying my best to forget how I got to that so it wouldn't be used as another tool to enslave humanity, and a lot of other stuff, for the fun of it, for being a challenge, to learn how something works and get around it, create something new or simply get access to something supposedly "secure" only to demonstrate that it isn't, most of the times because the user didn't want to learn something, call it laziness, stupidity, absence of self mind control, that I can't answer, never could, in my mind I was like, "..how can people do stuff that harms themselves even after knowing what they are doing to them and others.. and don't f"#$in stop!? Why do they only pay attention to garbage!?", and I think I'm just a regular Joe not that smart but..

Sigh.. Sorry about this rant and I'll try to finish since I've already said too much, I think it's a good thing that there are still hackers going around messing things up, even stealing cryptos (maybe people start opening their eyes for the true reality around them), I've retired from that after breaking into my own ISP, and now they're a lot more secure (and do I care that a couple of people got fired? Yes, it still haunts me but if they haven't slacked, it could have been secure from the beginning as it is now, instead of almost opening bankruptcy of the ISP..)..

No need to thank for the link it was nothing, and sorry about all of this but I guess my "buttons" are very sensitive right now, and I might be on the verge of "exploding"..


Don't worry, it's not Your fault, I'm not really feeling that well lately, being alone for too long and knowing a lot more than what I can discuss about with people around me, beside being alone for the great majority of time not helping, miss the ability to smile.. Doesn't matter..(..and I think to myself.. "Stop f#$%ing whining Cy, get a hold of yourself cause there are still people in need that You can help!!")

Thank You dear @Crypto.Piotr for caring and being the one to ask, for I like You and have a lot of respect for You, if it had been another person I would probably enter in an ad hominem argument sooner or later instead of breathing and calming down a bit to remain the most present possible, not that I want but there are still a few things happening in my life that I can't control and might get me in a freakin' bad place..

Have an amazing day friend, wish You all the best,

Cy

Dear @cyberspacegod

Thank you for that amazing comment. I only had a chance to read it now. Appreciate.

Sigh.. Sorry about this rant

I actually enjoyed your rant. I only wish you would hit the "enter" button more often to make your comment easier to read.

I like You and have a lot of respect for You

now I'm blushing :)

there are still a few things happening in my life that I can't control and might get me in a freakin' bad place..

I'm not the best at comforting people. Years ago I even once told a girl I was dating (on one of our first dates) to "get your shit together" when she was whining too much :) I can give you the very same advice :)

Yours, Piotr

Dear @Crypto.Piotr

I don't really think it was amazing, still, thank You ^^D

And I'm glad that You enjoyed it, I thought that pretty much everyone wouldn't =X..
..no need to blush, You deserve appreciation and respect for what You have done and who You are ;)

Also, You might not think that You are good at comforting but, You actually do it very well, it might seem cold to some, but to people who like to live in truth and prefer to deal with it instead of lies, You do a great job xP I agree with the winning whining part (If not mistaken I think I thought of that to myself in the rant xD).

Cheers brother []

Dear @cyberspacegod

I just realized that (somehow) I've missed your previous comment. Just wanted to thank you for being always so responsive and sorry for such a late reply.

You deserve appreciation and respect for what You have done and who You are ;)

I need to show those words to my wife hahaha :)

Yours
Piotr

Dear @Crypto.Piotr

It's easy to lose track of everything around here, so, no worries ^^P..

And there is no need to thank nor be sorry for anything, it happens to me a lot for a lot of different reasons, I'm actually with this post opened in other tab for a couple of days, or maybe more, and whenever I start to comment, something happens and I have to leave it to a later time =S..

And I do believe Your wife knows much better than I do "that quote", and probably she is also responsible for that so, give each other the deserved appreciation (I do remember You saying in some posts that she helped You write top notch English, so she also deserves it =P) ^^Ð

All the best
Cy


@runicar Thank you for sharing this important information! I am an Android user so it is something I definitely needed to be aware of. I have resteemed it so that more people will be able to see it.

Also, thank you @crypto.piotr for sharing the link to this post. As an Android user it is absolutely helpful and I really appreciate it.

Posted using Partiko Android

I'm glad you found it useful @yashny! Thank you for being so kind to resteem in order to raise awareness amongst your followers.

No mention =)

This is a great article -- I am glad I read it to be informed and stay sharp.

I also enjoy your style of writing; Your conversational tone makes it easy to digest complicated or new issues.

Keep up the good work and I'll make sure to keep my guard up when on my Android!

Thanks for the compliment. I'm glad you enjoyed it!

Very alarming. We need a blockchain-based OS for smartphones.

Posted using Partiko Android

They're starting to make those! I think it was HTC... or Huawei? One of them was touting a blockchain based phone a while back. Might be a couple of years before we hear of it again, as these things typically go.

However, it should be of note: A blockchain OS won't necessarily stop these viruses. Faulty code is faulty code, and therefore can be targeted. I hope no developer ever becomes so blinded by their love of blockchains that they refuse to accept you still need to be competent when creating one.
It's one thing when your Instagram-latte-photo-album gets hacked, but it's a whole other thing when your money goes buh-bye 💰👋

Posted using Partiko Android

The solution is obviously to only download your apps from Google Play and never install apps from third-party stores.

And just yesterday I was reading about Google being before congress trying to explain why they were secretly listening to people through APPS they provided. ..

There is no safe and secure computer system at all, not one that cannot be hacked, thus why I am not too worried about AI ever really becoming real. The Pentagon has been hacked before, the UN has been hacked, the Kremlin has been hacked and the Chinese government has also been hacked. No safe system at all, why? Because of built-in government mandated back doors? Or company owned back doors, or developer made back doors.

People just need to remember that if you put your bank info in your computer or your phone, you are going to possibly lose money. Credit cards are somewhat protected, the rest of your bank info is not.

There is no safe and secure computer system at all, not one that cannot be hacked, thus why I am not too worried about AI ever really becoming real.

I completely agree with you but sadly we don't have much of a choice nowadays.

Interesting also to read how smart hackers are.

Also interesting: a Russian criminal says Russian criminals are stealing mainly outside Russia...

Bestoffer, isn't that the hacker asking for ransom?

Let's assume someone sends me an SMS (nobody does except for the provider): how can this 'Trojan horse' lay its hands on my money?

Posted using Partiko Android

They are just getting smarter every day!

Yeah, they are probably trying to avoid prosecution by their government by not targeting locals.

There is a variety of things a hacker might do. He can infect your device with a keylogger, get your passwords and use that information to send your coins to their wallets. He can also replace the address when you try to send crypto to someone with their address. That's just the tip of the iceberg of the endless possibilities by which a malicious user might gain access to your funds.

I'm not a programmer so I don't really know the full implications of what a hacker might be able to do, so I'm just scratching the surface here of what I know is possible nowadays and what I heard is already taking place.

Firstly, I would like to thank Mr. @crypto.piotr for sending me such an informative post.

Before our independence the smallpox virus was a real threat to the people of our country; for those who were attacked by this virus it was almost impossible to be cured, and they died. In time, medical scientists invented the vaccine for this dangerous virus, and now it is not a threat to anyone. But the most positive thing is that raising awareness among the people made it possible to control the death rate of those who were attacked by smallpox.

In the same way, some dishonest programmers always love to make computer viruses, malware and Trojans for their own interest. There was a time when we used any operating system without installing a good antivirus or anti-malware system, but nowadays we use operating systems that perform better against viruses, malware and Trojans, because we are really conscious of it. But the people who have very negative intentions are really very talented; they are just not using their talent for good work.

Thanks a lot @runicar for this kind of valuable information; I hope we will be very sincere in using our valuable online accounts.

The problem is that it's much harder to build a safe and secure system than it is to break it. It may even be impossible to create an impenetrable system thus we will always be at risk and will have to take extreme caution when handling our funds online.

I'm glad you enjoyed my article and thank you for leaving a valuable comment!

You are most welcome, dear..

Posted using Partiko Android

The sad thing is that these attacks will get worse, as most cryptocurrencies and developers still have a ways to go to improve security and interface to protect against attacks. It is best to always verify many times anything externally accepted and also always use 2FA!

Posted using Partiko iOS

The problem is that it's much harder to improve security than it is to break it.

Thanks for this. Note to self. Even though there are those who don't download much, still there are links that we accidentally click or press while browsing on our phones. Always practice caution. There are already very wise tips commented here and those surely help, too.