An Instagram-initiated campaign using the Gustuff Android mobile banking trojan has rolled out in October. The campaign mainly targets Australian banks and digital currency wallets, looking to steal credentials and financial data. Cisco Talos researchers say the malware is still deployed using the same packer that has been seen in previous campaigns. But many other aspects of the latest version of Gustuff have seen significant changes. Ditching hardcoded names dramatically lowers the static footprint that can be used by white hats for analysis.
Source: https://threatpost.com/gustuff-android-banker-switches-technical-approach/149403/