An Android banking trojan, that targets users of the Australian Government’s my.gov.au site and also users of the National Australia Bank website, has been spotted by security firm Kaspersky, which claims the malware is adopting what it describes as “unusual” tactics.
In a statement, the company, formerly known as kaspersky Lab, said the Trojan-Banker.AndroidOS.Gustuff had been noticed in recent traffic from its botnet tracking system.
The SMS campaign included messages like “Jassica shared an album with you hxxp://instagram-shared.pw/SexyJassica on Instagram Shared”. If these messages were opened on a device which had an Australian IP address, the URL would redirect to the malware site and download it.
“Besides common technique of monitoring installed applications and overlaying them with a WebView, Trojan-Banker.AndroidOS.Gustuff now checks for URLs opened in a browser and is able to open a WebView with a fake site overlaying the original Web page,” Oleg Abdurashitov, Kaspersky’s head of APAC public affairs, said.
“This method is currently used by Gustuff to steal users’ credentials for Australian Government service “MyGov” and the National Australian Bank Internet Banking service.”
The trojan did not limit its activities to these two websites. Banking applications, payment applications and crypto-wallets were also targeted and users’ credentials were harvested by either downloading a phishing Web page from a command-and-control server or by loading a Web page from the local archive on the device saved earlier by Gustuff and overlaying the original app interface.
A full list of the trojan’s targets is available here.
BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT
You cannot afford to miss this Dell Webinar.
With Windows 7 support ending 14th January 2020, its time to start looking at your options.
This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.
When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer
QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm
Register and find out all the details you need to know below.
ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER
iTWire can help you promote your company, services, and products.
Get more LEADS & MORE SALES
Advertise on the iTWire News Site / Website
Advertise in the iTWire UPDATE / Newsletter
Promote your message via iTWire Sponsored Content/News
Guest Opinion for Home Page exposure
Contact Andrew on 0412 390 000 or email [email protected]