Medusa Malware Joins Flubot’s Android Distribution Network
2022-02-07 22:13

Flubot, the Android spyware that's been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa.

That's according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns.

Apparently, Medusa likes the cut of Flubot's jib: "Our threat intelligence shows that Medusa followed with exactly the same app names, package names and similar icons," ThreatFabric researchers noted in a Monday analysis.

"In less than a month, this distribution approach allowed Medusa to reach more than 1,500 infected devices in one botnet, masquerading as DHL."

First discovered in July 2020, Medusa is a mobile banking trojan that can gain near-complete control over a user's device, including capabilities for keylogging, banking trojan activity, and audio and video streaming.

To wit: In version 5.4, Medusa picked up the ability to abuse the "Notification Direct Reply" feature of Android OS, which allows the malware to directly reply to push notifications from targeted applications on a victim's device.


News URL

https://threatpost.com/medusa-malware-flubot-android-distribution/178258/