Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Gustuff Android Banker Switches Up Technical Approach
#1
Bug 
Quote:An Instagram-initiated campaign using the Gustuff Android mobile banking trojan has rolled out in October, featuring an updated version of the malware that lowers its detection profile.
 
How the cybercriminals are rolling out the campaign is the same as a previous offensive seen in June, according to researchers at Cisco Talos: Instagram posts designed to lure users into downloading and installing malware are the initial attack vector. Once infected, SMS messages from the device are used to propagate the trojan to others in the victim’s contact lists.
 
And, just as before, the campaign mainly targets Australian banks and digital currency wallets, looking to steal credentials and financial data.
 
The application target pool has widened, however: This new version of Gustuff is also looking to harvest user names and passwords for hiring sites’ mobile apps, and interestingly, credentials used on the official Australian government’s web portal, according to the researchers.
 
“During our investigation, we received a command from the [command-and-control server] C2 to target the Australian Government Portal that hosts several public services, such as taxes and social security,” according to an analysis posted on Monday. “The command was issued before the local injections were loaded (using the changearchive command). The injections were loaded from one of the C2 infrastructure servers. This command is not part of the standard activation cycle and…this represents a change for the actor.”

Read more here: https://threatpost.com/gustuff-android-b...ch/149403/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
The slowest Meteor Lake spotted: Intel C...
Intel Core Ultra 5...harlan4096 — 12:47
Microsoft Edge fixes 0-day vulnerability...
Microsoft released...harlan4096 — 10:12
AnyDesk 8.0.9
AnyDesk 8.0.9:   ...harlan4096 — 10:10
AMD Confirms RDNA 3+ GPU Architecture F...
AMD Zen5-based Strix...harlan4096 — 10:08
Adobe Acrobat Reader DC 24.001.20629 (Op...
Adobe Acrobat Read...harlan4096 — 10:06

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>