Gustuff

Posted: April 1, 2019

Gustuff Description

Gustuff is a banking Trojan that compromises Android devices and uses various methods of soliciting confidential financial information from its victims. Its attacks are generalized and include different means of modifying and tracking data associated with dozens of separate banking and cryptocurrency-related applications. Android users should be careful about interacting with link-carrying text messages, have appropriate anti-malware tools delete Gustuff, and change all security-related credentials promptly after the disinfection.

The Message that Leaves Your Phone Feeling Ill

Threat actors operating inside of Russia, or who are concerned about the Russian authorities interfering with their campaign, are running a new kind of banking Trojan with explicitly profit-seeking behavior. Gustuff, like the Scarab Ransomware family, uses an IP-filtering check to avoid attacking users in Russia, but attacks residents of the rest of the world's nations freely. The reports of early versions provide examples of Gustuff's scope, which includes the users of many financial phone applications.

As of early April, malware researchers can confirm attacks from Gustuff arriving through SMS text messages, which carry misleading links that trick users into clicking on them. After its installation, presuming the device isn't inside Russian borders, Gustuff begins spreading further by hijacking the victim's contact lists, as well as exploring any available server databases. Although Gustuff's marketing calls it a replacement for, or supplanter of, the previous AndyBot, Gustuff includes a significant variety of financial data-compromising features.

Gustuff can generate fake pages that imitate content for applications associated with banking institutions like Bank of America and Capital One for collecting the user's passwords and other data inputs. Gustuff performs these attacks, and others, such as serving hoax security credential confirmations, for over a hundred applications. Malware researchers are, similarly, confirming Gustuff's compatibility with most applications for cryptocurrencies – decentralized currencies like Bitcoin. Gustuff also leverages some features from its payload against various instant messengers, payment systems and Web stores.

Don't Get Caught Off-Guard by Russian Robbers

Users who follow the traditional recommendation of avoiding application install links that don't come through reputable sources like the Google Play Store should have few issues with Gustuff's infection vectors. Since contacts are likely to receive Trojan-carrying messages from infected users, victims should warn their friends and other associates about any possible breach in their phone's security. As usual, victims of spyware-based infections should assume that passwords, security question answers, etc., are in criminal ownership until they can verify otherwise.

Gustuff's author, 'Bestoffer,' isn't being specific about which phones he compromises, other than the omission of Russian residents. Although a majority of infections are in the United States, Europe, Australia, and India are under attack to a slightly lesser degree. Users can protect their phones with anti-malware services that should identify and remove Gustuff without requiring any further response for re-securing the device.

Malware experts can find some anti-security features in Gustuff, such as its abuse of the Accessibility Service intended for disabled users. This caveat shows the value of having a layer-based defense, wherein a Trojan might make its way past one level of security, but not all of them.
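Both points above, installs that bypass the Play Store and abuse of the Accessibility Service, can be checked on a device over adb. The following is an added example, not code from the original article: it parses the output of three standard adb commands, and all package names and sample output are constructed for illustration.

```python
import re

# Constructed sample output (not from a real device) of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.flashupdate/com.example.flashupdate.CoreService")
# Constructed sample output of: adb shell pm list packages -i
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.flashupdate  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.sideloadedgame  installer=null
package:com.android.settings  installer=null
"""
# Constructed sample output of: adb shell pm list packages -s (system apps)
SAMPLE_SYSTEM = "package:com.android.settings\n"

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; an assumption, extend as needed


def a11y_packages(setting):
    """Package names from the colon-separated 'package/ServiceClass' list."""
    setting = setting.strip()
    if setting in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in setting.split(":") if c}


def installers(listing):
    """Map package -> installer package, or None when none is recorded."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)\s*$", listing, re.M)
    return {pkg: (None if src == "null" else src) for pkg, src in pairs}


def triage(a11y, installer_listing, system_listing):
    """Return {package: [reasons]} for sideloaded, non-system apps."""
    system = set(re.findall(r"^package:(\S+)\s*$", system_listing, re.M))
    enabled = a11y_packages(a11y)
    findings = {}
    for pkg, src in installers(installer_listing).items():
        if pkg in system or src in TRUSTED_INSTALLERS:
            continue  # preinstalled apps also record no installer
        findings[pkg] = ["sideloaded"]
        if pkg in enabled:  # highest priority: can read and drive other apps' UI
            findings[pkg].append("accessibility-enabled")
    return findings


if __name__ == "__main__":
    for pkg, why in triage(SAMPLE_A11Y, SAMPLE_INSTALLERS, SAMPLE_SYSTEM).items():
        print(f"{pkg}: {', '.join(why)}")
```

A package reported with both reasons deserves review first; a sideloaded package alone is not proof of infection, since legitimately sideloaded apps record no installer either.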

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Gustuff may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
