Gustuff
Gustuff is a banking Trojan that compromises Android devices and uses various methods of soliciting confidential financial information from its victims. Its attacks are generalized and include different means of modifying and tracking data associated with dozens of separate banking and cryptocurrency-related. Android users should be careful of any interactions with link-carrying text messages, have appropriate anti-malware tools delete Gustuff, and change all security-related credentials promptly after the disinfection.
The Message that Leaves Your Phone Feeling Ill
Threat actors operating inside of Russia, or who are concerned about the Russian authorities interfering with their campaign, are running a new banking Trojan kind with explicitly profit-seeking behavior. Gustuff, like the Scarab Ransomware family, uses an IP-filtering catch for prevent attacking users in Russia, but attacks residents of the rest of the world's nations freely. The reports of early versions provide examples of the Gustuff's scope, which includes the users of many financial phone applications.
As of early April, malware researchers can confirm attacks from Gustuff arriving through the vector of SMS text messages, which carry misleading links that trick users into clicking on them. With its installation, presuming the device isn't inside Russian borders, Gustuff commences with spreading further by hijacking the victim's contact lists, as well as exploring any available server databases. Although Gustuff's marketing calls it a replacement or supplanter to the previous AndyBot, Gustuff includes a significant variety of financial data-compromising features.
Gustuff can generate fake pages that imitate content for applications associated with banking institutions like Bank of America and Capital One for collecting the user's passwords and other data inputs. Gustuff performs these attacks, and others, such as serving hoax security credential confirmations, for over a hundred applications. Malware researchers are, similarly, confirming Gustuff's compatibility with most applications for cryptocurrencies – decentralized currencies like Bitcoin. Gustuff also leverages some features from its payload against various instant messengers, payment systems and Web stores.
Don't Get Caught Off-Guard by Russian Robbers
Users who follow the traditional recommendation of avoiding application install links that don't come through reputable sources like the Google Play Store should have few issues with Gustuff's infection vectors. Since contacts are likely of receiving Trojan-carrying messages from infected users, victims should issue warnings to their friends and other associations about any possibility of a breach in their phone's security. As usual, victims of spyware-based infections should assume that passwords, security question answers, etc., are in criminal ownership until they can verify otherwise.
Gustuff's author, 'Bestoffer,' isn't being specific about which phones he compromises, other than the omission of Russian residents. Although a majority of infections are in the United States, Europe, Australia, and India are under attack to a slightly lesser degree. The users can protect their phones with anti-malware services that should identify and remove Gustuff without requiring any further response for re-securing the device.
Malware experts can find some anti-security features with Gustuff, such as abusing the Accessibility Service for disabled users. This caveat shows the value of having a layer-based defense, wherein a Trojan might make its way past one level of security, but not all of them.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.