When a popular Android banking trojan goes quiet, it’s usually good news – but not in this case.
As BleepingComputer reports, after almost a year of lying low, the Medusa banking trojan has returned in several campaigns targeting users of the best Android phones in the USA, Great Britain, Canada, France, Italy, Spain and Turkey.
While Medusa was dangerous before, these new variants require fewer permissions and include new features that make it easier for the malware to commit fraud directly on a compromised smartphone.
Here’s everything you need to know about these new Medusa variants, along with how you can protect yourself and your Android devices from banking Trojans.
Using botnets to deliver malicious applications
According to a new report from the online fraud management company Cleafy, these new variants of Medusa were first spotted in July of last year in several campaigns that used SMS phishing (smishing) or voice phishing (vishing) to sideload the malware via dropper applications.
In total, the researchers identified 24 separate campaigns, five of which were attributed to botnets used to deliver malicious applications to unsuspecting users. Some of the dropper applications used in these campaigns include a fake Chrome browser, a 5G connectivity app and a fake streaming app called 4K Sports.
Because Medusa is a malware-as-a-service offering in which hackers pay a subscription fee to deploy the banking trojan, all of these campaigns and botnets are managed by its central infrastructure, which retrieves the links to its command and control (C2) server.
To make their banking trojan easier to install, Medusa’s creators have made it even smaller, and it now requires fewer permissions after installation. However, it still relies on Android’s Accessibility services to work.
Although 17 commands have been removed compared with the previous version of this banking trojan, it retains its ability to access the victim’s contacts and send text messages to spread even further. However, several new commands give these Medusa variants the ability to uninstall apps, draw over other apps, set a black screen overlay and take screenshots.
Of these, the screen overlay command is particularly dangerous because a remote attacker can use it to make an infected smartphone appear to be turned off while malicious activity is carried out in the background. Similarly, Medusa’s screenshot capability gives hackers an easy way to steal sensitive information such as passwords from an infected device.
We’ll be keeping a close eye on this improved banking trojan, as its smaller size means the hackers using it will be able to expand the scope of their attacks and target even more Android users.
How to stay safe from Android malware
Since the Medusa banking trojan is often spread through dropper apps, you need to be extra careful when installing new apps on your smartphone.
While sideloading apps may be convenient, it’s an easy way to end up with a nasty malware infection, especially if you’re downloading APK files from less-than-trustworthy sources. For this reason, you should stick to official Android app stores such as the Google Play Store, Amazon Appstore and Samsung Galaxy Store.
At the same time, you also want to make sure that Google Play Protect is enabled on your Android phone, because it checks all your existing apps and any new ones you download for malware. For added protection, you can also consider using one of the best Android antivirus apps alongside it.
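Because these Medusa variants still depend on Android’s Accessibility services and arrive through sideloaded dropper apps, one practical check on a device is to cross-reference which apps hold an enabled Accessibility service against how each app was installed. The script below is an added example written for this article, not code from Cleafy, BleepingComputer or the malware authors; it parses constructed sample output of `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services`, and the installer package names for the three stores are assumed.

```python
"""Flag sideloaded Android apps that also have an Accessibility service enabled."""
import re
import subprocess

# Assumed installer package names for the official stores named in the article.
TRUSTED_INSTALLERS = {
    "com.android.vending",              # Google Play Store
    "com.amazon.venezia",               # Amazon Appstore
    "com.sec.android.app.samsungapps",  # Samsung Galaxy Store
}

# Constructed sample output of `adb shell pm list packages -i` (hypothetical packages).
SAMPLE_PACKAGES = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.chrome.update  installer=null
package:com.example.sports4k  installer=com.android.packageinstaller
package:com.google.android.marvin.talkback  installer=com.android.vending
"""
# Constructed sample output of `adb shell settings get secure enabled_accessibility_services`.
SAMPLE_A11Y = "com.google.android.marvin.talkback/.TalkBackService:com.example.sports4k/.SvcA11y"


def parse_packages(text):
    """Map package name -> installer package; None means no recorded installer."""
    result = {}
    for line in text.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            pkg, installer = m.groups()
            result[pkg] = None if installer == "null" else installer
    return result


def parse_accessibility(setting):
    """Set of packages with an enabled Accessibility service ('null' means none)."""
    if not setting or setting.strip() == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in setting.strip().split(":") if entry}


def suspicious_apps(packages, a11y_packages, trusted=TRUSTED_INSTALLERS):
    """Apps holding Accessibility that were not installed by a trusted store."""
    return sorted(p for p, inst in packages.items() if p in a11y_packages and inst not in trusted)


def check_device():
    """Run the same check against a USB-attached device via adb (requires adb on PATH)."""
    pkgs = subprocess.check_output(["adb", "shell", "pm", "list", "packages", "-i"], text=True)
    a11y = subprocess.check_output(
        ["adb", "shell", "settings", "get", "secure", "enabled_accessibility_services"], text=True)
    return suspicious_apps(parse_packages(pkgs), parse_accessibility(a11y))
```

A hit is not proof of infection (legitimate accessibility tools are often sideloaded), but any unexpected app on that list deserves a closer look, and Play Protect plus an uninstall is the usual remedy.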
Banking Trojans can be quite lucrative for the hackers who use them in their attacks, so don’t expect this particular threat to disappear anytime soon.