Medusa Strikes Again: Android Banking Trojan Resurfaces with Stealthier, More Dangerous Tactics
Gio Farley
The Medusa banking trojan, also known as TangleBot, has resurfaced after more than a year of hibernation, posing a serious threat to Android users everywhere. The malware targets users in the United States, France, Italy, Canada, Spain, the United Kingdom, and Turkey. Since May, security researchers have observed a revival of the malware, with notable modifications to its functionality and its means of spread.
The new version of Medusa is a more compact and efficient variant that requires fewer permissions while still performing its malicious activities. Researchers from the online fraud management company Cleafy have noted that this streamlined version retains access to contacts, sends SMS messages, captures screenshots, and places deceptive overlays on the screen. These overlays can make the device appear locked or shut off, masking the malware's activities running in the background.
Medusa's latest campaigns have leveraged various dropper apps to infiltrate devices. These include a fake Chrome browser, a 5G connectivity app, and a streaming app called 4K Sports, which has been particularly timely given the ongoing UEFA EURO 2024 championship. These malicious apps have been distributed through smishing (SMS phishing) campaigns and other third-party sources, not the Google Play Store.
Medusa operates as an Android Malware-as-a-Service (MaaS), allowing cybercriminals to pay for access to the trojan. This model has led to a more extensive and sophisticated network of threat actors. Cleafy's research identified 24 campaigns attributed to five botnets: UNKN, AFETZEDE, ANAKONDA, PEMBE, and TONY, each focusing on different regions, particularly in Europe.
The UNKN botnet, for example, targets France, Italy, Spain, and the UK.
To enhance its stealth, the developers of Medusa have removed 17 commands from the previous version and added five new ones, including:
destroyo: Uninstall a specific application.
permdrawover: Request "Drawing Over" permissions.
setoverlay: Set a black screen overlay.
take_scr: Take a screenshot.
update_sec: Update user secrets.
These changes reduce the malware's footprint while maintaining its malicious capabilities.
To protect against Medusa and similar threats, Android users are advised to:
Avoid Sideloading Apps: Download software only from reputable stores such as the Google Play Store. Avoid any third-party sites at all costs.
Use Security Software: To identify and stop malware, install reliable security and antivirus software.
Stay Informed and Updated: Update the apps and operating system on the smartphone with the most recent security fixes.
Review App Permissions: Examine app permissions carefully and don't allow access that isn't necessary.
Monitor Financial Accounts: Check your credit card and bank statements frequently for fraudulent activity. Call your bank as soon as possible if you notice anything suspicious.
Users can drastically lower their chance of infection by the Medusa banking trojan and other malware by taking these preventative measures.
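The permission review advised above can be scripted. This added example, which is not from Cleafy or the original article, parses constructed output of `adb shell pm list packages -i` and `adb shell dumpsys package <pkg>` and flags apps not installed by the Play Store that request the overlay permission together with SMS or contacts access. The package names and the mapping of the article's capabilities to Android permissions are assumptions.

```python
import re

PLAY_STORE = "com.android.vending"
# Assumption: the capabilities named in the article, mapped to standard Android permissions.
WATCHED = {
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.READ_CONTACTS": "read contacts",
}
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"

def parse_installers(text):
    """Parse `pm list packages -i` output into {package: installer or None}."""
    found = re.findall(r"^package:(\S+)\s+installer=(\S+)", text, re.M)
    return {pkg: (None if src == "null" else src) for pkg, src in found}

def parse_requested(dumpsys_text):
    """Collect the entries under 'requested permissions:' in `dumpsys package <pkg>` output."""
    perms, inside = set(), False
    for line in dumpsys_text.splitlines():
        entry = line.strip()
        if entry == "requested permissions:":
            inside = True
        elif inside and entry.endswith(":"):
            break  # reached the next section header
        elif inside and entry:
            perms.add(entry.split(":")[0])
    return perms

def review(installers, dumps):
    """Flag apps not installed by the Play Store that request overlay plus another watched permission."""
    flagged = []
    for pkg, src in sorted(installers.items()):
        hits = parse_requested(dumps.get(pkg, "")) & WATCHED.keys()
        if src != PLAY_STORE and OVERLAY in hits and len(hits) >= 2:
            flagged.append((pkg, src, sorted(WATCHED[p] for p in hits)))
    return flagged

# Constructed sample data; the package names are made up.
INSTALLERS = """package:com.example.bank  installer=com.android.vending
package:com.example.sports4k  installer=null
"""
DUMPS = {
    "com.example.bank": "  requested permissions:\n    android.permission.SYSTEM_ALERT_WINDOW\n    android.permission.SEND_SMS\n  install permissions:\n",
    "com.example.sports4k": "  requested permissions:\n    android.permission.INTERNET\n    android.permission.SYSTEM_ALERT_WINDOW\n    android.permission.SEND_SMS\n    android.permission.READ_CONTACTS\n  install permissions:\n    android.permission.INTERNET: granted=true\n",
}

if __name__ == "__main__":
    print(review(parse_installers(INSTALLERS), DUMPS))
```

A flagged app is a candidate for manual review, not a verdict: legitimate apps also request these permissions, and the check does not cover screenshot capture.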
© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.