[ad_1]
Hackers have a new tool that is one of the most advanced. Android banking trojan has been upgraded with new features that allow you to remotely control infected devices.
It was first discovered in 2021 by security firm ThreatFabric. walter It was one of the first banking Trojans that could record the screen of infected Android smartphones. Over the years since then, its creator has updated his Android malware to make it even more dangerous.
According to reports security week, new technical features have been added to Vultur, further improving the malware’s ability to evade detection. It was originally distributed using malicious app On the Google Play Store, security researchers NCC Group Recently, a brand new campaign was observed using a new distribution method to trick unsuspecting users into installing this malware. best android smartphones.
Here’s everything you need to know about the Vultur banking Trojan and tips and tricks to prevent your phone from being hijacked by hackers.
Infect the victim with a hybrid attack
Rather than infecting users through a malicious app, this new attack uses a hybrid attack that begins with a text message, followed by a phone call, and then another text message.
among them report, security researchers at NCC Group say this hybrid attack begins with a text message instructing potential victims to call a number if they have not authorized a large transaction from their bank account. Explaining.This transaction did not actually occur, but the message sense of urgency It might be enough to trick the user into calling that number.
If you call to inquire about a large transaction, you will receive a second text message during the call. It contains a link to a trojanized version of his McAfee Security app, which he is forced to install on his smartphone. Although the app itself looks legitimate at first glance, it actually contains: Brynhildr Dropper This is used to download the Vultur banking Trojan.
The malware is downloaded as three separate payloads and combined on the target Android smartphone. Once installed, the hacker behind this campaign will have complete control over the infected device.
more dangerous walter
The Vultur banking Trojan was dangerous enough when it was first observed, but it now has even more features that hackers can use in attacks.
For example, the malware can download, upload, delete, install, and search for files on an infected Android smartphone, but it can also prevent apps from running in the first place. Similarly, you can display custom notifications in the status bar and disable the keyguard that allows you to bypass the lock screen. However, the new remote control feature is the most interesting.
Although Vultur still uses AlphaVNC and ngrok for remote access functionality as it did in 2021, hackers can send commands to infected smartphones to perform scrolling, swipe gestures, clicks, and mute/unmute the device’s audio. Now you can do things like:
Like other Android malware strains, Vultur exploits the operating system’s system. accessibility services It gives you more control over infected devices. The cybercriminals behind this banking Trojan use Google’s own Firebase Cloud Messaging (FCM) Service that sends messages from command and control (C2) The server that controls the infected phone.
Typically, a hacker must maintain continuous contact with an infected device in order to take control of it. However, FCM allows you to send commands even if you lose connectivity to the device. While AlphaVNC and ngrok still require continuous remote connectivity, this new feature provides even more flexibility and makes things easier for the hackers who introduced this malware into their attacks.
New file manager functionality gives hackers more control over infected Android smartphones by allowing them to delete existing files from the device and upload new files for use in additional attacks. Become.
How to protect yourself from Android malware
I usually say to stay away from Android apps with poor reviews; Sideloading apps If you want to protect yourself from malware, this campaign is a little different.
it’s more like Phishing attack Because it starts with an urgent message from an unknown sender. In such cases, you need to remain calm and not let your emotions get the better of you. Instead of responding to the message immediately or at all, the first thing you should do is check your bank account to see if this big transaction actually took place. This will make it clear that this is not the case and you can safely ignore the message.
At the same time you never want bring back the hacker If you provide us with your phone number via text or email, we will contact you by phone. Automated email security checks prevent many messages from getting through. Therefore, hackers have started trying to trick users into making phone calls. It’s much easier to convince someone to do something they don’t necessarily want to do when you’re talking on the phone.
To protect yourself from Trojanized apps like the one used in this attack, you should ensure the following: Google Play Protect will be installed and enabled on your Android smartphone. However, these days it comes pre-installed on most Android smartphones. For added protection, you should also consider using one of the following: Best Android antivirus app This is because they are updated more frequently and many of them include additional security features, such as: VPN or password manager.
As Google and other companies get better at defending against attacks like this one, hackers will continue to devise new ways to trick users into installing malware on their smartphones. For this reason, be especially careful when installing new apps, and avoid apps that require manual installation at all costs.
More about Tom’s guide
[ad_2]
Source link
