Medusa Malware Joins Flubot’s Android Distribution Network (February 2022)
Flubot, the Android spyware that's been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa.
That's according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns.
Apparently, Medusa likes the cut of Flubot's jib: "Our threat intelligence shows that Medusa followed with exactly the same app names, package names and similar icons," ThreatFabric researchers noted in a Monday analysis.
"In less than a month, this distribution approach allowed Medusa to reach more than 1,500 infected devices in one botnet, masquerading as DHL."
First discovered in July 2020, Medusa is a mobile banking trojan that can gain near-complete control over a user's device, including capabilities for keylogging, banking trojan activity, and audio and video streaming.
To wit: In version 5.4, Medusa picked up the ability to abuse the "Notification Direct Reply" feature of Android OS, which allows the malware to directly reply to push notifications from targeted applications on a victim's device.
News URL
https://threatpost.com/medusa-malware-flubot-android-distribution/178258/