Medusa Malware Joins Flubot’s Android Distribution Network (Security News, February 2022)
Flubot, the Android spyware that's been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa.
That's according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns.
Apparently, Medusa likes the cut of Flubot's jib: "Our threat intelligence shows that Medusa followed with exactly the same app names, package names and similar icons," ThreatFabric researchers noted in a Monday analysis.
"In less than a month, this distribution approach allowed Medusa to reach more than 1,500 infected devices in one botnet, masquerading as DHL."
First discovered in July 2020, Medusa is a mobile banking trojan that can gain near-complete control over a user's device, including capabilities for keylogging, banking trojan activity, and audio and video streaming.
To wit: In version 5.4, Medusa picked up the ability to abuse the "Notification Direct Reply" feature of Android OS, which allows the malware to directly reply to push notifications from targeted applications on a victim's device.
News URL
https://threatpost.com/medusa-malware-flubot-android-distribution/178258/