Gustuff Banking Botnet Targets Australia

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message spam scam previously spotted in Australia. Although this malware's credential-harvest mechanism is not particularly sophisticated, it does have an advanced self-preservation mechanism. Even though this is not a traditional remote access tool (RAT), this campaign seems to target mainly private users.
The information collected by the malware and the control over the victim's mobile device allows their operators to perform more complex social engineering attacks. A motivated attacker can use this trojan to harvest usernames and passwords and then reuse them to login into the organization's system where the victim works. This is a good example where two-factor authentication based on SMS would fail since the attacker can read the SMS. Corporations can protect themselves from these side-channel attacks by deploying client-based two-factor authentication, such as Duo Security. One of the most impressive features of this malware is its resilience. If the command and control (C2) server is taken down, the malicious operator can still recover the malware control by sending SMS messages directly to the infected devices. This makes the taking down and recovery of the network much harder and poses a considerable challenge for defenders.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top