It seems some overzealous cryptocurrency traders didn’t get the memo that exchange service Cryptopia is shutting down – and they’re still trying to make deposits to the platform.
In a tweet earlier today, the embattled exchange warned users not to send funds to the trading platform. The message was written in all caps, so you know they meant it.
It’s odd the exchange hadn’t blocked deposits – especially since it’s going out of business.
For those new to the Cryptopia drama, the New Zealand-based exchange announced it is closing doors and halting all trading in a post on Wednesday, May 15. The company further added it has already appointed liquidators to take care of its remaining assets.
The reason for the shutdown was a debilitating hack, which took place in January and cost Cryptopia $16 million in stolen funds . Although the exchange briefly resumed trading in March , it seems it couldn’t pull through the financial struggles caused by the attack.
“Despite the efforts of management to reduce cost and return the business to profitability, it was decided the appointment of liquidators was, in the best interests of customers, staff and other stakeholders,” Cryptopia said in its farewell announcement.
Unfortunately, chances are the liquidation process will drag on for a while, which means users might have to wait to reclaim any coins they held on the platform.
Anyway, you better find another exchange to gambl… I mean trade – Cryptopia is no longer providing that service.
New Android malware targets 32 cryptocurrency apps and 100 international banks
A brand-new generation of Trojan horse malware for Android phones has been revealed, tailored specifically towards stealing fiat and digital assets from customers of top international banks and cryptocurrency exchanges.
Cybersecurity firm Group-IB , which found the malware (already named “Gustuff”), warn it comes with fully automated (and unique) functionality aimed at “mass infections and maximum profit for its operators.” Until now, this Trojan has never been reported or analyzed.
Gustuff is said to come with a raft of “web fakes” that mimick apps to phish for sensitive data (like usernames and passwords) from unsuspecting users, who are tricked into using Gustuff’s versions instead. Users of 32 cryptocurrency apps like Coinbase, BitPay, and Bitcoin Wallet are targeted specifically.
Web fakes for leading banks like J.P. Morgan, Wells Fargo, and Bank of America are included. 27 Apps specific to the US were spotted, 16 in Poland, 10 in Australia, nine in Germany, as well as eight in India.
Gustuff also “supports” payment systems and messenger services PayPal, Revolut, Western Union, eBay, Walmart, Skype, and WhatsApp.
Gustuff spreads itself via links sent via SMS
Group-IB labelled Gustuff a “weapon of mass infection,” particularly as it uses SMS messages with links to load malicious Android package kit files. As soon as an Android device is hit, a remote server automatically spreads the Trojan further through its contact lists or related server database.
Its creator(s) even built special “Automatic Transfer Systems” (ATS) to speed and scale the thefts. ATS autofills fields in legitimate apps with malicious data during normal use (eg: replacing bank details with those related to the attackers).
To make this work, Gustuff uses Android‘s accessibility features designed for users living with disabilities. Group-IB noted the use of ATS helped by Android’s Accessibility Service makes it a relatively rare occurrence.
“Using the Accessibility Service mechanism means that the Trojan is able to bypass security measures used by banks to protect against older generation of mobile Trojans and changes to Google’s security policy introduced in new versions of the Android OS,” said Group-IB. “Moreover, Gustuff knows how to turn off Google Protect; according to the Trojan’s developer, this feature works in 70 percent of cases.”
The extent of Gustuff’s tricks is no joke. Push notifications featuring legitimate icons are said to appear. If they are clicked, either a web fake for the app is downloaded (in which a user could enter their sensitive data) or Gustuff will maliciously fill payment fields automatically to trigger illicit transactions at the server‘s command.
“The malware is also capable of sending information about the infected device to the C&C server [the hackers], reading/sending SMS messages, sending USSD requests, launching SOCKS5 Proxy, following links, transferring files (including document scans, screenshots, photos) to the C&C server, and resetting the device to factory settings,” warned researchers.
Companies can do more to protect against Gustuff
Group-IB was able to trace Gustuff back to posts on hacker forums starting in April 2018. The posts advertised the Trojan as a “serious product for individuals with skills and experience,” which could be leased for $800 per month.
Gustuff was pitched as the successor to the AndyBot malware, which has been plaguing Android phones and stealing money using web fakes that pretend to be mobile apps in much the same way since November 2017.
The firm’s analysts also noted that although this Trojan was created by a Russian-speaking cybercriminal named “Bestoffer,” it operates exclusively with international markets.
“All new Android Trojans offered on underground forums, including Gustuff, are designed to be used mainly outside Russia, and target customers of international companies,” said Rustam Mirkasymov, Group-IB’s head of dynamic malware analysis.
“In Russia, after the owners of the largest Android botnets were arrested, the number of daily thefts decreased threefold, Trojans’ activity became significantly less widespread, and their developers focused to others markets,” he continued. “However some hackers ‘patch’ (modify) the Trojan samples and reuse it in their attacks on users in Russia.”
In order to avoid Trojans like Gustuff, Group-IB advises users of mobile Android devices should strictly download apps from Google Play. They should also never install apps from insecure third-party stores. “ It is important to always install software updates, pay attention to downloaded files’ extensions and of course avoid suspicious SMS links,” Mirkasymov told Hard Fork.
The firm also urged companies to use signature-based detection methods to better protect their clients against malware. These identify customer devices with special “device fingerprints,” and can help detect usage of stolen account credentials from unknown devices.
Did you know? Hard Fork has its own stage at TNW2019 , our tech conference in Amsterdam. Check it out .
Russia reportedly enacts laws defining cryptocurrency and smart contracts
Russia has reportedly just enacted a new “digital rights act” that defines smart contracts and cryptocurrency tokens. Russian news outlet Regnum reported the act came into force yesterday.
The new laws were first announced earlier this year and outlined how smart contracts and digital tokens would be thought of, legally speaking.
The bill establishes the concept of “digital rights” in Russian law. In effect, the bill sees digital rights like securities or a set of contractual rights that state what a holder is entitled to.
These laws determine how these digital rights can then be exercised and transferred. As such, digital rights are now seen as assets within Russian civil legislation, and will fall under the remit of civil law .
Interestingly, the laws group the automatic execution of smart contracts along with other automatic systems that banks use to take payments for bills.
The act will also require information systems to identify a digital rights owner, participants of a transaction, and allow reproduction of the terms of the agreement.
While the country is yet to fully embrace cryptocurrency, this is at least a step toward officially regulating the space.
In Russia, for something to be legally regulated it must be written into the country’s civil code. The country does not rely on precedents, so if something is not in the civil code it falls outside any legal protection .
Want more Hard Fork? Join us in Amsterdam on October 15-17 to discuss blockchain and cryptocurrency with leading experts.
