Security News > 2022 > February > Medusa Android Banking Trojan Spreading Through Flubot's Attacks Network
Two different Android banking Trojans, FluBot and Medusa, are relying on the same delivery vehicle as part of a simultaneous attack campaign, according to new research published by ThreatFabric.
The ongoing side-by-side infections, facilitated through the same smishing infrastructure, involved the overlapping usage of "App names, package names, and similar icons," the Dutch mobile security firm said.
Medusa, first discovered targeting Turkish financial organizations in July 2020, has undergone several iterations, chief among which is the ability to abuse accessibility permissions in Android to siphon funds from banking apps to an account controlled by the attacker.
The malware-ridden apps used in conjunction with FluBot masquerade as DHL and Flash Player apps to infect the devices.
FluBot, for its part, has received a novel upgrade of its own: the ability to intercept and potentially manipulate notifications from targeted applications on a victim's Android device by leveraging the direct reply action, alongside auto-replying to messages from apps like WhatsApp to spread phishing links in a worm-like fashion.
Last year, ESET and Check Point Research uncovered rogue apps posing as Huawei Mobile and Netflix that employed the same modus operandi to perform the wormable attacks.
News URL
https://thehackernews.com/2022/02/medusa-android-banking-trojan-spreading.html
Related news
- Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users (source)
- TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud (source)
- New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities (source)
- Hackers steal banking creds from iOS, Android users via PWA apps (source)