A new version of a known Android banking Trojan is circulating on the internet, stealing sensitive data and even money from victims.
Cybersecurity researchers at NCC Group's Fox-IT have sounded the alarm about a new, upgraded version of the Vultur banking trojan. First spotted in early 2021, it has since undergone many significant changes and upgrades.
While previous versions were distributed via dropper apps smuggled into the Play Store, this new version uses a combination of smishing and exploitation of legitimate apps. Researchers say the attackers first send an SMS message to the victim, warning them about a fraudulent payment transaction and sharing a phone number the victim can call.
Complete takeover
Once the victim calls the number, the attacker tricks the victim into downloading a compromised version of the McAfee Security app. On the surface the app works as intended, but in the background it delivers the Brunhilda malware dropper. This dropper drops three payloads: two APKs and one DEX file. After obtaining access to Accessibility Services, these payloads establish a connection with a command-and-control (C2) server and grant the attacker remote control of the Android device.
As a Trojan horse, Vultur is quite capable. It can record the screen, log keystrokes, and give attackers remote access through AlphaVNC and ngrok. Additionally, attackers can download and upload files, install apps, delete files, click, scroll, and swipe within the device, and block various apps from running. It can also display custom notifications and disable Keyguard to bypass the lock screen.
Finally, Vultur encrypts C2 communications to further evade detection.
As always, the best way to protect yourself from these threats is to use common sense and only download apps from legitimate and proven repositories.
Via BleepingComputer