
New Android Trojan Attacks Hundreds of Banking and Crypto Apps

By Natalie Wu | April 1, 2019

A new Trojan has been discovered that targets the Android apps of hundreds of major international banks, cryptocurrency services, and popular online retail sites.

Cybercrime threat intelligence firm Group-IB warned in a press release (Mar 28) that the Trojan, called “Gustuff”, targets the Android app users of over 100 banks, including 27 in the US, 16 in Poland, 10 in Australia, 9 in Germany, and 8 in India. Top international banks are on the target list, such as Bank of America, Bank of Scotland, JP Morgan, Wells Fargo, Capital One, TD Bank, and PNC Bank.

Other popular retail outlets, services, and mobile apps are at risk as well, from PayPal, Western Union, and eBay, to Walmart, Skype, and WhatsApp. Crypto-related apps such as Bitcoin Wallet, BitPay, Cryptopay, and Coinbase are targeted too.

Group-IB says that Gustuff is completely new and has never been reported before. Based originally on a traditional banking Trojan, its new iteration is fully automated to steal both fiat and crypto en masse.

Gustuff infects Android smartphones through SMS bearing links to malicious Android Package (APK) files – the Android package file format used for distributing and installing applications. When an Android device is infected with Gustuff, the Trojan spreads through the device’s contact list or the server database.

It is aimed at “mass infections and maximum profit” for its operators. Designed to make siphoning money easy for attackers, Gustuff is versatile in the ways it can steal money from an unsuspecting Android app user. It can display fake push notifications with legitimate icons that phish critical information. It can auto-fill form fields in legitimate banking and crypto apps, increasing both the speed and scale of thefts.

Gustuff owes these capabilities to its ability to hijack Android’s Accessibility Service and, in turn, get its help. If that is not worrying enough, Group-IB claims Gustuff is also able to effectively turn off Google Protect on Android devices in 70% of cases.

Although designed in Russia, Gustuff is used “exclusively on international markets”, says Group-IB. It advises Android users to be wary of the file extensions of downloaded apps and files.
