Medusa Malware Joins Flubot’s Android Distribution Network

Flubot, the Android spyware that's been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa.
That's according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns.
Apparently, Medusa likes the cut of Flubot's jib: "Our threat intelligence shows that Medusa followed with exactly the same app names, package names and similar icons," ThreatFabric researchers noted in a Monday analysis.
"In less than a month, this distribution approach allowed Medusa to reach more than 1,500 infected devices in one botnet, masquerading as DHL."
First discovered in July 2020, Medusa is a mobile banking trojan that can gain near-complete control over a user's device, including capabilities for keylogging, banking trojan activity, and audio and video streaming.
To wit: In version 5.4, Medusa picked up the ability to abuse the "Notification Direct Reply" feature of Android OS, which allows the malware to directly reply to push notifications from targeted applications on a victim's device.
News URL
https://threatpost.com/medusa-malware-flubot-android-distribution/178258/