Security News > 2024 > March > Vultur banking malware for Android poses as McAfee Security app
Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism.
A report from Fox-IT, part of the NCC Group, warns that a new, more evasive version of Vultur spreads to victims through a hybrid attack that relies on smishing and phone calls that trick the targets into installing a version of the malware that masquerades as the McAfee Security app.
The call is answered by a fraudster who persuades the victim to open the link arriving with a second SMS, which directs to a site that offers a modified version of the McAfee Security app.
Inside the trojanized McAfee Security app is the 'Brunhilda' malware dropper.
The latest version of Vultur malware that researchers analyzed keeps several key features from older iterations, such as screen recording, keylogging, and remote access via AlphaVNC and ngrok, allowing attackers real-time monitoring and control.
PixPirate Android malware uses new tactic to hide on phones.
News URL
Related news
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)