apk.gustuff

Gustuff


Group-IB describes Gustuff as an Android banking Trojan whose potential targets include customers of leading international banks, users of cryptocurrency services, and users of popular e-commerce websites and marketplaces. Gustuff had not been publicly reported before. It is a new generation of mobile malware with fully automated features designed to steal both fiat and cryptocurrency from user accounts en masse. To automate its actions on the device, the Trojan abuses the Android Accessibility Service, a feature intended to assist people with disabilities.
Analysis of a Gustuff sample revealed that the Trojan is equipped with web fakes (fake login pages shown in place of the legitimate app) designed to target users of the Android apps of top international banks including Bank of America, Bank of Scotland, J.P.Morgan, Wells Fargo, Capital One, TD Bank and PNC Bank, and of crypto services such as Bitcoin Wallet, BitPay, Cryptopay and Coinbase. Group-IB specialists found that Gustuff could potentially target users of more than 100 banking apps, including 27 in the US, 16 in Poland, 10 in Australia, 9 in Germany and 8 in India, as well as users of 32 cryptocurrency apps.
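The combination described above (an accessibility service used to automate the UI, plus fake pages drawn over banking apps) leaves a footprint in an APK's manifest. The following triage heuristic is an added example written for this page; it is not Gustuff's code and not a detection from the reports cited below. It parses a decoded AndroidManifest.xml (as apktool or aapt emit it) and scores the permission/service combination typical of overlay banking Trojans. The manifests, package names and weights are constructed for illustration.

```python
"""Manifest triage heuristic for Accessibility Service abuse by overlay bankers.

Added example for this page; not Gustuff's own code and not a signature from
the cited reports. Weights and sample manifests are constructed assumptions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree's Clark notation for android: attributes

BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Weighted indicators (constructed). An accessibility service is the lynchpin:
# it is what lets a banker read the foreground app and drive the UI.
PERMISSION_WEIGHTS = {
    "android.permission.SYSTEM_ALERT_WINDOW": ("overlay", 1),
    "android.permission.RECEIVE_SMS": ("sms", 1),
    "android.permission.READ_SMS": ("sms", 1),
    "android.permission.REQUEST_INSTALL_PACKAGES": ("install_packages", 1),
}
ACCESSIBILITY_WEIGHT = 2
REVIEW_THRESHOLD = 3

# Constructed sample: a fake "Flash Player" dropper profile.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Flash Player">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed sample: an ordinary networked app with no risky capabilities.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Puzzle"/>
</manifest>
"""


def triage(manifest_xml):
    """Return package name, matched indicators, score and a coarse verdict."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")

    # <uses-permission> elements carry no namespace; their android:name does.
    permissions = {el.get(A + "name") for el in root.iter("uses-permission")}

    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    accessibility_services = [
        s.get(A + "name") for s in root.iter("service")
        if s.get(A + "permission") == BIND_ACCESSIBILITY
    ]

    indicators = []
    score = 0
    if accessibility_services:
        indicators.append("accessibility_service")
        score += ACCESSIBILITY_WEIGHT
    for perm in sorted(permissions):
        if perm in PERMISSION_WEIGHTS:
            name, weight = PERMISSION_WEIGHTS[perm]
            if name not in indicators:
                indicators.append(name)
            score += weight

    if score >= REVIEW_THRESHOLD:
        verdict = "review"
    elif score > 0:
        verdict = "watch"
    else:
        verdict = "ok"
    return {
        "package": package,
        "accessibility_services": accessibility_services,
        "indicators": indicators,
        "score": score,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(triage(manifest))
```

Two caveats for anyone adapting this: a legitimate screen reader or automation tool also declares an accessibility service, so this is a triage score and not a verdict; and on modern Android an enabled accessibility service can draw TYPE_ACCESSIBILITY_OVERLAY windows without SYSTEM_ALERT_WINDOW, so the absence of the overlay permission does not clear a sample.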

References
2020-02 | ThreatFabric | ThreatFabric
@online{threatfabric:202002:2020:b875962, author = {ThreatFabric}, title = {{2020 - Year of the RAT}}, date = {2020-02}, organization = {ThreatFabric}, url = {https://www.threatfabric.com/blogs/2020_year_of_the_rat.html}, language = {English}, urldate = {2020-02-27} }
Families referenced: Anubis, Cerberus, Ginp, Gustuff, Hydra

2020-01-10 | CSIS | CSIS
@techreport{csis:20200110:threat:7454f36, author = {CSIS}, title = {{Threat Matrix H1 2019}}, date = {2020-01-10}, institution = {CSIS}, url = {https://gallery.mailchimp.com/c35aef82661dad887b8162a4f/files/e24e8206-a157-4796-a8cb-2b7262cc76e8/CSIS_Threat_Matrix_H1_2019.pdf}, language = {English}, urldate = {2020-01-22} }
Families referenced: Gustuff, magecart, Emotet, Gandcrab, Ramnit, TrickBot

2019-10-21 | Cisco Talos | Vitor Ventura, Chris Neal
@online{ventura:20191021:gustuff:7db6d90, author = {Vitor Ventura and Chris Neal}, title = {{Gustuff return, new features for victims}}, date = {2019-10-21}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2019/10/gustuffv2.html}, language = {English}, urldate = {2020-01-10} }
Families referenced: Gustuff

2019-04-09 | Cisco Talos | Vitor Ventura
@online{ventura:20190409:gustuff:4028ab8, author = {Vitor Ventura}, title = {{Gustuff banking botnet targets Australia}}, date = {2019-04-09}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html}, language = {English}, urldate = {2019-07-31} }
Families referenced: Gustuff

2019-03-28 | Group-IB | Group-IB, Pavel Krylov, Rustam Mirkasymov
@online{groupib:20190328:groupib:e9956d2, author = {Group-IB and Pavel Krylov and Rustam Mirkasymov}, title = {{Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications}}, date = {2019-03-28}, organization = {Group-IB}, url = {https://www.group-ib.com/media/gustuff/}, language = {English}, urldate = {2019-07-09} }
Families referenced: Gustuff

There is no YARA signature yet.