apk.gustuff (Back to overview)


Group-IB describes Gustuff as a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of cryptocurrency services, popular ecommerce websites and marketplaces. Gustuff has previously never been reported. Gustuff is a new generation of malware complete with fully automated features designed to steal both fiat and crypto currency from user accounts en masse. The Trojan uses the Accessibility Service, intended to assist people with disabilities.
The analysis of Gustuff sample revealed that the Trojan is equipped with web fakes designed to potentially target users of Android apps of top international banks including Bank of America, Bank of Scotland, J.P.Morgan, Wells Fargo, Capital One, TD Bank, PNC Bank, and crypto services such as Bitcoin Wallet, BitPay, Cryptopay, Coinbase etc. Group-IB specialists discovered that Gustuff could potentially target users of more than 100 banking apps, including 27 in the US, 16 in Poland, 10 in Australia, 9 in Germany, and 8 in India and users of 32 cryptocurrency apps.

The Rage of Android Banking Trojans
Anubis Gustuff Medusa
2020 - Year of the RAT
Anubis Cerberus Ginp Gustuff Hydra
Threat Matrix H1 2019
Gustuff magecart Emotet Gandcrab Ramnit TrickBot
2019-10-21Cisco TalosChris Neal, Vitor Ventura
Gustuff return, new features for victims
2019-04-09Cisco TalosVitor Ventura
Gustuff banking botnet targets Australia
2019-03-28Group-IBGroup-IB, Pavel Krylov, Rustam Mirkasymov
Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications

There is no Yara-Signature yet.