Medusa Strikes Again: Android Banking Trojan Resurfaces with Stealthier, More Dangerous Tactics
By Gio Farley

The Medusa banking trojan, also known as TangleBot, has returned after more than a year of dormancy, posing a serious threat to Android users. The malware targets users in the United States, France, Italy, Canada, Spain, the United Kingdom, and Turkey. Since May, security researchers have observed a revival of the malware, noting notable modifications to its functionality and its means of distribution.
The new version of Medusa is a more compact and efficient variant that requires fewer permissions while still performing its malicious activities. Researchers from the online fraud management company Cleafy have noted that this streamlined version retains access to contacts, sends SMS messages, captures screenshots, and places deceptive overlays on the screen. These overlays can make the device appear locked or shut off, masking the malware's activities running in the background.
Medusa's latest campaigns have leveraged various dropper apps to infiltrate devices. These include a fake Chrome browser, a 5G connectivity app, and a streaming app called 4K Sports, which has been particularly timely given the ongoing UEFA EURO 2024 championship. These malicious apps have been distributed through smishing (SMS phishing) campaigns and other third-party sources, not the Google Play Store.
Medusa operates as an Android Malware-as-a-Service (MaaS), allowing cybercriminals to pay for access to the trojan. This model has led to a more extensive and sophisticated network of threat actors. Cleafy's research identified 24 campaigns attributed to five botnets: UNKN, AFETZEDE, ANAKONDA, PEMBE, and TONY, each focusing on different regions, particularly in Europe.
The UNKN botnet, for example, targets France, Italy, Spain, and the UK.
To enhance its stealth, the developers of Medusa have removed 17 commands from the previous version and added five new ones, including:
destroyo: Uninstall a specific application.
permdrawover: Request "Drawing Over" permissions.
setoverlay: Set a black screen overlay.
take_scr: Take a screenshot.
update_sec: Update user secrets.
These changes reduce the malware's footprint while maintaining its malicious capabilities.
To protect against Medusa and similar threats, Android users are advised to:
Avoid Sideloading Apps: Download software only from reputable stores such as the Google Play Store. Avoid any third-party sites at all costs.
Use Security Software: To identify and stop malware, install reliable security and antivirus software.
Stay Informed and Updated: Update the apps and operating system on the smartphone with the most recent security fixes.
Review App Permissions: Examine app permissions carefully and don't allow access that isn't necessary.
Monitor Financial Accounts: Check your credit card and bank statements frequently for any fraudulent activities. Call your bank as soon as possible if you suspect any suspicious activities.
By taking these preventative measures, users can drastically lower their chance of infection by the Medusa banking trojan and other malware.
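The new permdrawover command and the "Review App Permissions" advice above both come down to one question a defender can answer from a connected device: which apps that did not come from the Play Store are allowed to draw over other apps? The following audit script is an added example, not code from the article or from Cleafy; it parses the output of the standard adb commands `pm list packages -3 -i` and `appops get <pkg> SYSTEM_ALERT_WINDOW`, and the embedded sample output and package names are constructed for offline use.

```python
import re
import subprocess

PLAY_STORE = "com.android.vending"  # installer recorded for Play-installed apps

# Constructed sample output (not from a real device) so the audit runs offline.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.sports4k  installer=null
package:com.example.fivegtool  installer=com.android.packageinstaller
"""
SAMPLE_APPOPS = {
    "com.android.chrome": "SYSTEM_ALERT_WINDOW: deny; time=+1d2h3m4s ago",
    "com.example.sports4k": "SYSTEM_ALERT_WINDOW: allow; time=+5m ago",
    "com.example.fivegtool": "No operations.",
}


def parse_packages(pm_output):
    """Parse `pm list packages -3 -i` into {package: installer}."""
    pkgs = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line)
        if m:
            pkgs[m.group(1)] = m.group(2)
    return pkgs


def overlay_allowed(appops_output):
    """True if `appops get <pkg> SYSTEM_ALERT_WINDOW` reports the op as allowed."""
    m = re.search(r"SYSTEM_ALERT_WINDOW:\s*(\w+)", appops_output)
    return bool(m) and m.group(1) == "allow"


def audit(pm_output, appops_for):
    """Return third-party packages that were not installed by Play AND may draw over other apps."""
    return sorted(pkg for pkg, installer in parse_packages(pm_output).items()
                  if installer != PLAY_STORE and overlay_allowed(appops_for(pkg)))


def adb_shell(*args):
    """Run a command on the connected device via adb and return its stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    findings = audit(adb_shell("pm", "list", "packages", "-3", "-i"),
                     lambda pkg: adb_shell("appops", "get", pkg, "SYSTEM_ALERT_WINDOW"))
    for pkg in findings:
        print("review:", pkg, "(sideloaded and allowed to draw over other apps)")
```

A hit is not proof of infection; it is the combination Medusa needs for its fake lock-screen overlays, so each flagged app deserves a look at where it came from and why it needs that permission.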
© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.