Group-IB describes Gustuff as an Android banking Trojan whose potential targets include customers of leading international banks, users of cryptocurrency services, and users of popular e-commerce websites and marketplaces. Gustuff had not been reported before. It is a new generation of malware with fully automated features designed to steal both fiat and cryptocurrency from user accounts en masse. The Trojan abuses the Android Accessibility Service, which is intended to assist people with disabilities.
Analysis of a Gustuff sample revealed that the Trojan is equipped with web fakes designed to target users of the Android apps of top international banks, including Bank of America, Bank of Scotland, J.P. Morgan, Wells Fargo, Capital One, TD Bank and PNC Bank, and of crypto services such as Bitcoin Wallet, BitPay, Cryptopay and Coinbase, among others. Group-IB specialists found that Gustuff could potentially target users of more than 100 banking apps, including 27 in the US, 16 in Poland, 10 in Australia, 9 in Germany and 8 in India, as well as users of 32 cryptocurrency apps.
References:

2020-02 ⋅ ThreatFabric ⋅ 2020 - Year of the RAT
  Families: Anubis, Cerberus, Ginp, Gustuff, Hydra

2020-01-10 ⋅ CSIS ⋅ Threat Matrix H1 2019
  Families: Gustuff, magecart, Emotet, Gandcrab, Ramnit, TrickBot

2019-10-21 ⋅ Cisco Talos ⋅ Gustuff return, new features for victims

2019-04-09 ⋅ Cisco Talos ⋅ Gustuff banking botnet targets Australia

2019-03-28 ⋅ Group-IB ⋅ Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications
There is no YARA signature yet.