SYMBOLCOMMON_NAMEaka. SYNONYMS
apk.gustuff (Back to overview)

Gustuff


Group-IB describes Gustuff as a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of cryptocurrency services, popular ecommerce websites and marketplaces. Gustuff has previously never been reported. Gustuff is a new generation of malware complete with fully automated features designed to steal both fiat and crypto currency from user accounts en masse. The Trojan uses the Accessibility Service, intended to assist people with disabilities.
The analysis of Gustuff sample revealed that the Trojan is equipped with web fakes designed to potentially target users of Android apps of top international banks including Bank of America, Bank of Scotland, J.P.Morgan, Wells Fargo, Capital One, TD Bank, PNC Bank, and crypto services such as Bitcoin Wallet, BitPay, Cryptopay, Coinbase etc. Group-IB specialists discovered that Gustuff could potentially target users of more than 100 banking apps, including 27 in the US, 16 in Poland, 10 in Australia, 9 in Germany, and 8 in India and users of 32 cryptocurrency apps.

References
2021-04-28ThreatFabricThreatFabric
The Rage of Android Banking Trojans
Anubis Gustuff Medusa
2020-02-01ThreatFabricThreatFabric
2020 - Year of the RAT
Anubis Cerberus Ginp Gustuff Hydra
2020-01-10CSISCSIS
Threat Matrix H1 2019
Gustuff magecart Emotet Gandcrab Ramnit TrickBot
2019-10-21Cisco TalosChris Neal, Vitor Ventura
Gustuff return, new features for victims
Gustuff
2019-04-09Cisco TalosVitor Ventura
Gustuff banking botnet targets Australia
Gustuff
2019-03-28Group-IBGroup-IB, Pavel Krylov, Rustam Mirkasymov
Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications
Gustuff

There is no Yara-Signature yet.