Gustuff Android Trojan Targeting 30+ Cryptocurrency Apps & 100 International Banks

  • Gustuff Trojan features unique automation and widespread support, streamlining the stealing of money.
  • Featuring a sophisticated ATS system, the Trojan is designed to perform and take over transactions on its own.
  • Furthermore, it can disable Android's protection systems, steal data, and even reset the phone to factory settings.

Cybersecurity firm Group IB has released their 'High-Tech Crime Trends' report that comes with a revelation about a new Trojan that quickly climbed the ranks of the most used tools out there right now. Named “Gustuff”, the Trojan was first seen about a year ago, but its systematic and continuous updating has made it a powerful bank credential phishing tool that features amazing inter-operative capabilities, automating bank transactions for 32 cryptocurrency apps and support for over a hundred banking apps. This sophistication has taken Gustuff among the ranks of the LokiBot and the Anubis banking malware, an especially stealthy tool that we wrote about at the start of the year.

Gustuff is covering major banks and Android payment apps such as the Bank of America, J.P. Morgan, Wells Fargo, Bank of Scotland, Western Union, eBay, PayPal, Skype, Revolut, Walmart, WhatsApp, Coinbase, Bitcoin Wallet, and more. This increases the attack surface and the possibilities of cybercriminals getting their hands on the payment data of victims, and that is one important reason why so many of them are using Gustuff. But the range of support is not the only trick up Gustuff’s sleeve.

Gustuff features a powerful and streamlined ATS (Automatic Transfer Service) system, enabling it to open the supported apps, fill in the phished credentials (which were acquired through social engineering), and then make the transactions. The cybercriminals have no direct involvement in this whole process, so they can sit back and relax while the money is stolen and transferred to their accounts automatically. Gustuff's creators have implemented this functionality by taking advantage of the 'Accessibility Service' which is meant to help people with disabilities register user input across Android and individual apps.

For now, the Google Play Store remains free of apps that are infected with the Gustuff Trojan, and the researchers have only noticed spam SMS messages containing links that point to the malicious APK file. If Gustuff finds its way to the Play Store, Android phones will face serious trouble, as the Trojan has the capacity to disable the Google Play Protect services, push any kind of masqueraded notifications, and collect images or videos that are stored in the phone. This helps malicious actors conduct the social engineering part that we mentioned above. Finally, the nastiest feature of Gustuff is to perform a factory reset on the infected phone, wiping out all traces that are left on the device.

Are you using any antivirus app on your Android device, and if yes, which one? Let us know in the comments below, and don’t forget that you have the power to help us warn others of threats like the Gustuff, by sharing this post through our socials on Facebook and Twitter.

How to Watch Macy Murdoch Online: Stream the 2023 Spin-Off Series from Anywhere
Macy Murdoch is a new original tween mystery series, and we have the episode guide and release schedule, premiere date, cast, and...
Euro 2024 Qualifiers Live Stream: How to Watch International Soccer Online from Anywhere
The road to Euro 2024 is about to get underway, and Europe’s leading soccer stars will be battling it out to qualify...
How to Watch Redemption Online for Free: Stream the Paula Malcomson Series from Anywhere
Redemption is an upcoming British drama TV series featuring Paula Malcomson. You will find below all the information you may need, including...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari