A previously unreported advanced banking trojan named Gustuff can steal funds from accounts at over 100 banks across the world and rob users of 32 cryptocurrency apps. The threat sells for a monthly subscription of $800 and it was first spotted in April 2018. Its developer promotes it as an upgraded variant of AndyBot banking malware whose activity has been tracked since 2017. One of the functions of the malware is to turn off Google Play Protect, the built-in anti-malware protection on Android. Gustuff uses Android Accessibility services to interact with screens from other apps.
Source: https://www.bleepingcomputer.com/news/security/gustuff-android-malware-targets-100-banking-and-32-cryptocurrency-apps/