Malware on Android remains common despite the continued efforts of Google, which in 2023 alone prevented the release of more than two million malicious apps. One of the most common goals pursued by criminals is to obtain users' bank details, which they achieve by infecting devices with Trojans such as Vultur or Brokewell.
Another of the most dangerous banking Trojans affecting Android is Medusa, also known as TangleBot. After going unnoticed for about a year, all indications are that this dangerous banking Trojan is active again with a new variant.
Medusa is able to initiate bank transfers directly from the infected mobile
Medusa is a sophisticated piece of banking malware originally discovered in 2020. It initially spread throughout Turkey and affected the country's financial institutions, but soon afterwards it began to expand to the rest of the world. It is currently a major security threat to Android device users.
After going unnoticed for about a year, Medusa-related activity began to be detected last May in seven different countries: Europe, France, Italy, the United States, Canada, the United Kingdom and Turkey. The activity was discovered by Cleafy, an Italian cybersecurity company.
To understand the magnitude of the problem, we need an idea of how the malware works: Medusa gives criminals remote access to infected devices by exploiting the capabilities of VNC, a tool that allows real-time screen sharing. The Trojan abuses accessibility services, one of the usual gateways for malware on Android.
Once the device is infected, criminals can use a keylogger to capture the keys the user presses on the device. This allows them to steal users' banking credentials without the victims ever being aware of what is happening.
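Because Medusa, like most Android banking Trojans, depends on an accessibility service granted to a sideloaded app, one practical check on a device is to list which packages currently hold accessibility access and whether Google Play installed them. The script below is an added example, not code from the article or from Cleafy; it parses the output formats of two real adb commands (`settings get secure enabled_accessibility_services` and `pm list packages -3 -i`), but the sample output embedded in it is constructed, and the package names `com.example.fakechrome` and `com.example.connectivity` are invented placeholders.

```python
"""Flag third-party apps that hold accessibility access but were not installed
by the Google Play Store. Added example; sample output below is constructed."""
import re
from typing import Dict, List, Optional

# Constructed sample in the format printed by:
#   adb shell settings get secure enabled_accessibility_services
# (':'-separated list of 'package/ServiceClass' entries)
ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakechrome/com.example.fakechrome.AccessService"
)

# Constructed sample in the format printed by:
#   adb shell pm list packages -3 -i
# (third-party packages only, with the installer that placed them)
PACKAGES_OUTPUT = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakechrome  installer=null
package:com.example.connectivity  installer=com.android.vending
"""

PLAY_STORE = "com.android.vending"  # package name of the Google Play Store client

PACKAGE_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_enabled_services(raw: str) -> Dict[str, List[str]]:
    """Map package name -> list of enabled accessibility service classes."""
    services: Dict[str, List[str]] = {}
    for entry in raw.strip().split(":"):
        if not entry:
            continue
        pkg, _, cls = entry.partition("/")
        services.setdefault(pkg, []).append(cls)
    return services


def parse_installers(raw: str) -> Dict[str, Optional[str]]:
    """Map third-party package name -> installer package (None if sideloaded)."""
    installers: Dict[str, Optional[str]] = {}
    for line in raw.splitlines():
        match = PACKAGE_LINE.match(line.strip())
        if match:
            pkg, installer = match.groups()
            installers[pkg] = None if installer == "null" else installer
    return installers


def find_suspicious(services_raw: str, packages_raw: str) -> List[str]:
    """Return third-party packages with accessibility access not installed by Play."""
    services = parse_enabled_services(services_raw)
    installers = parse_installers(packages_raw)
    flagged = []
    for pkg in services:
        # Packages missing from the '-3' listing are preinstalled system apps.
        if pkg not in installers:
            continue
        if installers[pkg] != PLAY_STORE:
            flagged.append(pkg)
    return sorted(flagged)


if __name__ == "__main__":
    for pkg in find_suspicious(ENABLED_SERVICES, PACKAGES_OUTPUT):
        print(f"REVIEW: {pkg} holds accessibility access and was not installed from Google Play")
```

On a real device the two strings would be replaced by the live command output; a package that appears in the result is not necessarily malicious, but it is exactly the combination (sideloaded app plus accessibility access) that a Trojan of this kind needs, so it deserves a manual look.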
The first evidence of the new variants emerged in the summer of 2023, when Cleafy observed that smishing (phishing via SMS) was being used to try to infect users' devices via dropper apps, a type of Trojan designed to install malware.
Among the dropper applications used are a fake version of Google Chrome, a connectivity app and a fraudulent streaming application.
Newer variants of Medusa are able to operate with fewer permissions on compromised devices and still gain access to the user's contact list. Additionally, Medusa is able to send SMS messages to keep spreading the malware.
These new variants also have new features, such as the ability to uninstall apps, take screenshots or keep the screen black (pretending the device is off) to hide suspicious activity.
At this point, it is clear that the risks if our devices are infected with this malware are extremely high. As always, we remind you of the importance of limiting yourself to downloading applications from Google Play and not installing unknown or suspicious applications.
Via | Cleafy and Bleeping Computer
Cover Image | Microsoft Designer Image Creator