Medusa, a banking trojan first identified in 2020, has reportedly returned with a number of new upgrades that make it more threatening. The new variant of the malware is also said to be targeting more regions than the original version. A cybersecurity firm has detected the trojan active in Canada, France, Italy, Spain, Turkey, the UK, and the US. Medusa primarily attacks Google's Android operating system, putting smartphone owners at risk. Like any banking trojan, it goes after the banking apps on the device and can even carry out on-device fraud.
New variants of Medusa banking trojan found
Cybersecurity firm Cleafy reports that new fraud campaigns involving the Medusa banking trojan were observed in May after remaining under the radar for almost a year. Medusa is a type of TangleBot, an Android malware that can infect a device and give the attackers a wide degree of control over it. While such malware can be used for stealing personal information and spying on individuals, Medusa, being a banking trojan, primarily attacks banking apps and steals money from victims.
The original version of Medusa was equipped with powerful capabilities. For instance, it had remote access trojan (RAT) functionality that allowed it to give the attacker screen controls and the ability to read and write SMS. It also came with a keylogger, and the combination allowed it to carry out one of the most dangerous fraud scenarios, on-device fraud, according to the firm.
However, the new variant is said to be even more dangerous. The cybersecurity firm found that 17 commands that existed in the older malware have been removed in the latest trojan. This was done to minimise the permissions required by the bundled file, raising less suspicion. Another upgrade is that it can set a black screen overlay on the attacked device, which can make the user think the device is locked or powered off while the trojan performs its malicious actions.
Threat actors are also reportedly using new delivery mechanisms to infect devices. Earlier, these were spread via SMS links. But now, dropper apps (apps that appear legitimate but deploy the malware once installed) are being used to install Medusa under the guise of an update. However, the report highlighted that the malware makers have not been able to deploy Medusa via the Google Play store.
After being installed, the app flashes messages prompting the user to enable accessibility services, which it uses to collect sensor data and keystrokes. The data is then compressed and exported to an encoded C2 server. Once enough information has been collected, the threat actor can use remote access to take control of the device and commit financial fraud.
Android users are advised not to click on URLs shared via SMS, messaging apps, or social media platforms by unknown senders. They should also be cautious when downloading apps from untrusted sources, or simply stick to the Google Play store to download and update apps.