Group-IB has reported that users of 32 cryptocurrency wallet applications and of more than 100 international banks can be attacked by the Android Trojan Gustuff.
Gustuff represents a new generation of malware aimed at users of both fiat money and cryptocurrencies.
The Trojan's author is a Russian-speaking cybercriminal known as Bestoffer, while Gustuff itself "works" exclusively in international markets. Group-IB's Threat Intelligence cyber-intelligence system first discovered the Trojan on hacker forums in April 2018.
Analysis of a Gustuff sample showed that the Trojan targets crypto wallets such as Bitcoin Wallet, BitPay, Cryptopay and Coinbase, as well as the mobile apps of major banks such as Bank of America, Bank of Scotland, JPMorgan, Wells Fargo, Capital One, TD Bank and PNC Bank. Of the more than 100 banks that can be attacked, 27 are in the US, 16 in Poland, 10 in Australia, 9 in Germany and 8 in India.
The Trojan reaches Android smartphones through SMS mailings carrying links to an APK (the archive format for executable Android application packages). Once a device is infected, the Trojan can, on command from its server, spread Gustuff further using the contact list of the infected phone or a database held on the server.
Gustuff's functionality is designed for mass infection and maximum monetisation: it has a unique "autofill" feature for legitimate mobile banking and crypto wallet apps that lets the operators speed up and scale the theft of money.
Once loaded on the victim's phone, Gustuff uses the Accessibility Service to interact with the window elements of other applications (banking and cryptocurrency apps, as well as online shopping and messaging apps, etc.), performing whatever actions the attackers need.
Gustuff can also disable Google Play Protect and display fake push notifications bearing the icons of legitimate mobile applications, which lets it obtain the user's credit card or wallet details.
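One defender-side check against the Accessibility Service abuse described above, added here as an example and not part of the Group-IB report: it parses the list of enabled accessibility services pulled from a device with `adb shell settings get secure enabled_accessibility_services` and flags any whose package is not on an allowlist. The sample value and the allowlist entry are constructed assumptions.

```python
# Added example (not from the Group-IB report): triage check over the value of
#   adb shell settings get secure enabled_accessibility_services
# which lists the accessibility services a user (or a trojan) has switched on.
# SAMPLE is a constructed value; the package in ALLOWLIST is an assumption and
# should be replaced with the screen readers your fleet actually uses.
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessibilityService:
    package: str    # app that owns the service
    component: str  # fully qualified service class


def parse_enabled_services(raw: str) -> list[AccessibilityService]:
    """Parse Settings.Secure.ENABLED_ACCESSIBILITY_SERVICES.

    The value is a colon-separated list of ComponentName strings, "pkg/cls",
    where cls may be abbreviated to ".Cls" relative to pkg. `settings get`
    prints the literal word "null" when the setting was never written.
    """
    raw = (raw or "").strip()
    if raw in ("", "null"):
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if "/" not in entry:
            continue  # tolerate empty entries from stray separators
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls  # expand the relative class name
        services.append(AccessibilityService(pkg, cls))
    return services


def untrusted_services(raw: str, allowlist: frozenset[str]) -> list[AccessibilityService]:
    """Return enabled services whose owning package is not on the allowlist."""
    return [s for s in parse_enabled_services(raw) if s.package not in allowlist]


# Constructed sample: a screen reader plus a sideloaded app that should not be there.
SAMPLE = ("com.google.android.marvin.talkback/"
          "com.google.android.marvin.talkback.TalkBackService:"
          "com.example.sideloaded/.OverlayService:")
ALLOWLIST = frozenset({"com.google.android.marvin.talkback"})  # assumption

if __name__ == "__main__":
    for svc in untrusted_services(SAMPLE, ALLOWLIST):
        print(f"REVIEW: unexpected accessibility service {svc.component} ({svc.package})")
```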
Recall that in 2017 cybercriminals began to shift their focus from banks to the cryptocurrency sector, a shift driven by the sharp growth of cryptocurrency.