Android banking trojans have been around for years. However, the latest one is no ordinary malware. Known as Gustuff, this virus has been around since April 2018. Over that time, it has received plenty of updates, all of which have made it more formidable. Gustuff targets all forms of financial Android apps, from crypto to payment processors and banks. According to an analysis of the trojan by cyber-security firm Group-IB, it can access over 100 banking apps. The analysis, which Group-IB shared with tech outlet ZDNet, also revealed that Gustuff can access over 32 crypto apps. Some of the banking apps on its radar include Bank of America, TD Bank, Wells Fargo, JPMorgan Chase and Bank of Scotland. In crypto, the most targeted apps are Coinbase, BitPay and Cryptopay, with 29 others also on its radar. Gustuff can also access other payment and messaging apps such as Western Union, PayPal, Revolut, Walmart and Skype. Just like most of its counterparts, Gustuff uses social engineering to lure its users into granting it access. It does this through the use of the Android Accessibility feature. This feature is meant to assist people with disabilities navigate their Android phones easily. Therefore, it can automate various tasks as well as tap on the screen on the user\u2019s behalf. However, after accessing the victim\u2019s phone, Gustuff deviates from the norm. For most malware, they use fake login pages and steal a user\u2019s credentials. The criminals then use these credentials to access their victim\u2019s accounts on another computer. Not Gustuff. The trojan is able to perform an \u2018Automatic Transfer Service\u2019, a term that pertains to banking malware. This means that it gets to complete transactions on the victim\u2019s Android device. Using the Android Accessibility feature, it opens apps, fills in credentials and performs all sorts of transactions. Granted, malware that performs ATS transactions is not unheard of. However, previously, this type of malware only targeted Windows users. Gustuff is the first malware program that performs ATS transactions on an Android mobile device. Lethal as it is, Gustuff hasn\u2019t been all that popular. For one, it hasn\u2019t been able to bypass Google\u2019s security scans like some of the major players in the field. This has denied it access to the Google\u00a0Play Store, greatly limiting its market. Currently, it relies on SMS spam on which the criminals embed the links to the malware\u2019s APK installation file. Gustuff also has other features which further make it more dangerous. It can collect information such as photos and videos from a victim\u2019s phone. It can also turn off Google Play Protect, a security feature that protects users from malware on the Play Store. Its most uncanny feature is the ability to reset the phone to factory settings, erasing all data if its operator fears that the trojan has been discovered.