Medusa Android Banking Trojan Spreading Through Flubot's Attacks Network
Two different Android banking Trojans, FluBot and Medusa, are relying on the same delivery vehicle as part of a simultaneous attack campaign, according to new research published by ThreatFabric.
The ongoing side-by-side infections, facilitated through the same smishing infrastructure, involved the overlapping usage of "app names, package names, and similar icons," the Dutch mobile security firm said.
Medusa, first discovered targeting Turkish financial organizations in July 2020, has undergone several iterations, the chief addition being the ability to abuse Android accessibility permissions to siphon funds from banking apps to an account controlled by the attacker.
The malware-ridden apps used in conjunction with FluBot masquerade as DHL and Flash Player apps to infect the devices.
FluBot, for its part, has received a novel upgrade of its own: the ability to intercept and potentially manipulate notifications from targeted applications on a victim's Android device by leveraging the direct reply action, alongside auto-replying to messages from apps like WhatsApp to spread phishing links in a worm-like fashion.
Last year, ESET and Check Point Research uncovered rogue apps posing as Huawei Mobile and Netflix that employed the same modus operandi to perform the wormable attacks.
News URL
https://thehackernews.com/2022/02/medusa-android-banking-trojan-spreading.html