Group-IB uncovers malware which targets more than 100 banking, crypto, and marketplace apps

Cybersecurity company Group-IB has unearthed a new generation of Android malware which targets more than 100 global banking, crypto, and marketplace apps.

Group-IB is an international company specialising in the development of hardware and software to prevent cyberattacks.

The company announced on its website that it had detected activity from a new mobile Android Trojan malware called ‘Gustuff’.

Its potential targets include customers of leading global banks, crypto users, and popular e-commerce websites and marketplaces.

Group-IB believes it is a new generation of malware complete with fully automated features designed to steal both fiat and crypto from victims.

Group-IB’s analysis of Gustuff revealed that the Trojan is equipped to potentially target Android users who have apps from international banks including Bank of America, Bank of Scotland, JP Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank.

The malware could also target crypto services including Bitcoin Wallet, BitPay, CryptoPay, Coinbase, and more.

Group-IB believes there are more than 100 banking and 32 crypto apps at risk. There are 27 banking apps in the US at risk alongside another 16 in Poland, 10 in Australia, nine in Germany, and eight in India.

Gustuff was reportedly designed as a classic banking Trojan, but its list of targets has since expanded. These now include PayPal, Western Union, eBay, Walmart, Skype, WhatsApp, Gett Taxi, and Revolut.

The Trojan infects Android smartphones through SMS and latches on to the Android Package (APK) file, which is used by the Android operating system for the distribution and installation of applications.

Gustuff autofills banking fields

Once an Android device is infected with the Gustuff malware, the Trojan spreads further, at the server's command, through the infected device's contact list or the server database.

Gustuff is designed for mass infection and to obtain maximum profits for its operators.

It utilises a unique feature called ‘Automatic Transfer System’ (ATS) which autofills the fields in legitimate mobile banking apps and crypto wallets to help speed up the theft of the victim’s fiat or crypto.

Group-IB’s threat intelligence system first discovered Gustuff back in April 2018. It also came across an advertisement for leasing Gustuff, which was set at $800.

Group-IB has said it will continue to analyse and research the Trojan.


Jordan Heal

