Android cell phones are in danger: Experts are warning of the “Vultur” Trojan, which spreads via Google Play and spies on sensitive data. It is difficult to uninstall.
- Security researchers are warning of the new “Vultur” Trojan targeting Android devices.
- The malware uses keylogging and screen capture to get access data.
- It spreads through the Play Store and is currently difficult to uninstall.
Security experts warn of a new Trojan horse, the Android devices infested. As reported by the Dutch company ThreatFabric, the malware under the name “Vultur” has access to online banking and access data Krypto-Wallets apart.
This is how Vultur works
The software uses a new method. As The Hacker News reports, “Vultur” uses a combination of keylogging and screen monitoring to get the data. In other words, “Vultur” “looks” at your data as you enter it on the display.
So far there has not been a Trojan that could automate and collect access data in this way, according to the ThreatFabric researchers. The experts are currently assuming that the infection mainly takes place via the “Protection Guard” app, which is sold via the Google Play Store.
App cannot be uninstalled
The app has been installed over 5,000 times so far. Particularly nasty: If you want to uninstall the app, you’re out of luck. As soon as you want to call up the application details of the app, the Trojan “presses” the “Back” button. This prevents the app from being uninstalled. You only have to reset the phone to factory settings.
Photo gallery
The best virus scanners for Android
The best virus scanners for Android
According to the researchers’ data, devices in Italy, Europe and Australia are particularly affected. A solution to the problem has not yet been published. Those affected who have installed the app should never use their banking apps or wallets until the malware can be removed.
Similar cases in the spring
It’s not the first time a banking Trojan has secretly spread through apps available on Google Play. In March 2021, the experts from Checkpoint Security the malware “Clast82” in the following 8 applications:
- Cake VPN (Package Name com.lazycoder.cakevpns)
- BeatPlayer (Package Name com.crrl.beatplayers)
- QRecorder (Package Name com.bezrukd.qrcodebarcode)
- Pacific VPN (Package Name com.protectvpn.freeapp)
- eVPN (Package Name com.abcd.evpnfree)
- QR/Bacode Scanner Max (Package Name com.record.callvoicerecorder)
- Music Player (Package Name com.revosleap.samplemusicplayers)
- tooltipnatorlibrary (Package Name com.mistergrizzlys.docscanpro)
In the background, this downloads banking Trojans such as the AlienBot Banker and MRAT, which cyber criminals can use to spy out your account details and take over your device.
According to Checkpoint Security, all of the affected apps were detected by Google meanwhile banned from the Google Play Store.
This is how you protect yourselves in the future
Infection with malware cannot always be prevented, but you can make it difficult for cybercriminals to steal your data. To do this, you should take the following tips to heart:
- Activate the for all of your online accounts 2-factor authentication.
- Installed a VPNto protect your privacy. But don’t just choose any app from the Google Play Store, trustworthy and free VPN services we have summarized you in the linked article.
” Tip: The best VPN providers for more security and data protection
Table of Contents