A previously unreported advanced banking trojan named Gustuff can steal funds from accounts at over 100 banks across the world and rob users of 32 cryptocurrency Android apps.
The threat sells for a monthly subscription of $800 and it was first spotted in April 2018. Its developer promotes it as an upgraded variant of AndyBot banking malware whose activity has been tracked since 2017.
The malware includes code to target top international banks such as Bank of America, Bank of Scotland, J.P.Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank. It also searches for cryptocurrency wallet apps like Bitcoin Wallet, or from services BitPay, Cryptopay, Coinbase, and more.
Paul Bischoff, Privacy Advocate at Comparitech.com:
“The Gustuff malware spreads by accessing the contact list of infected Android phones and sending out text messages with a link to the APK installation file. If you receive a suspicious text with a link you don’t recognise, even if it’s from a friend, don’t click on it. If you happen to get infected, the first step is to remove the Trojan. Uninstall the app and run an antivirus scan. Consider resetting the phone to default factory settings if necessary. Afterward, it would be wise to check your text messages and follow up with those to whom the link has been sent. Alert them to the malware and instruct them not to click on the link.”
