Cisco alert: ‘Gustuff’ Android banking malware ‘aggressively’ targeting Australia

Malware researchers at Cisco’s Talos Intelligence are warning Australian consumers and businesses about Android malware that specifically targets Android users in that country.

The researchers found a crook selling access to the Android Gustuff bot, a banking trojan, on an underground forum, offering to give other criminals a chance to hook online customers from CBA, Westpac, St George, NAB, Bankwest, Bank SA, ANZ, Citibank Australia, and the Bank of Melbourne. 

The online advertisement was consistent with the researchers’ analysis of the infrastructure used to communicate with this particular version of Gustuff. They found that most requests to this infrastructure came from devices located in Australia. 

The requests occur during installation of the malicious app, but that is only the first stage, in which the affected device sends SMS messages containing a URL to everyone in the victim’s contact list. The infection that could threaten bank account security happens in a second stage: once a contact has opened the link, a remote server assesses whether the device fits the profile before delivering the actual banking malware to it.

The other evidence suggesting Australian banking customers are the primary target was the malicious app’s “overlays”, which are all copies of real Australian banking apps’ login interfaces that are foisted onto an infected device’s screen when the victim opens the legitimate banking app.