Reportboom
Beware: Medusa Banking Trojan Launches New Attacks Using Fake Apps

by Bishal Das
August 22, 2024
in Cybersecurity

Medusa Banking Trojan Strikes Again: New Campaigns Target Global Users

After almost a year of lying low, the notorious Medusa banking trojan for Android is back, hitting users in France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. This resurgence has been under the radar since May, with the malware sporting compact variants that need fewer permissions and boast new features to directly initiate transactions from infected devices.

What is Medusa?

Also known as TangleBot, Medusa is a potent Android malware-as-a-service (MaaS) discovered in 2020. It offers malicious capabilities like keylogging, screen controls, and SMS manipulation. Despite sharing its name with other cyber threats, this operation is distinct from the Medusa ransomware gang and the Mirai-based botnet used for DDoS attacks.

New Campaign Insights

Cleafy, a leading online fraud management company, recently uncovered these fresh Medusa campaigns. The malware is now lighter, needing fewer device permissions, and comes with full-screen overlay and screenshot capturing features.

Recent Campaign Findings

  • First Evidence: The new Medusa variants surfaced in July 2023, utilizing SMS phishing (“smishing”) to install the malware through fake apps.
  • Campaigns & Botnets: Cleafy identified 24 campaigns, linked to five botnets (UNKN, AFETZEDE, ANAKONDA, PEMBE, and TONY). These botnets distributed malicious apps, including fake Chrome browsers, a 5G connectivity app, and a fake streaming app called 4K Sports—perfect bait during the UEFA EURO 2024 championship.
  • Target Regions: The UNKN botnet, in particular, focuses on Europe, especially France, Italy, Spain, and the UK.

Centralized Command & Control

All Medusa operations are managed through a central infrastructure that dynamically fetches URLs for command and control (C2) servers from public social media profiles.

New Medusa Variant Features

The latest Medusa variant has minimized its footprint, requesting only essential permissions but still requiring Android’s Accessibility Services. It can still access the victim’s contact list and send SMS, crucial for its spread.

New Commands:

  • destroyo: Uninstall a specific application
  • permdrawover: Request ‘Drawing Over’ permission
  • setoverlay: Set a black screen overlay
  • take_scr: Take a screenshot
  • update_sec: Update user secret

The ‘setoverlay’ command is particularly sneaky, making the device appear locked or shut off while malicious activities occur in the background. The new screenshot-capturing ability also lets attackers steal sensitive information directly from infected devices.
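The permission profile described above (Accessibility Services plus contacts, SMS and draw-over access) is the kind of combination a defender can check for when triaging a suspicious APK. The following Python snippet is an added example, not code from the article or from Cleafy's report: it inspects a decoded AndroidManifest.xml for that profile. The manifest, the package name and the scoring threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities the article attributes to the slimmed-down Medusa variant:
# contact list access, SMS sending, and (via 'permdrawover') the draw-over
# permission, on top of an Accessibility Service.
WATCHED = {
    "android.permission.READ_CONTACTS": "contact list access",
    "android.permission.SEND_SMS": "SMS sending (smishing spread)",
    "android.permission.READ_SMS": "SMS reading / OTP theft",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw-over / overlay",
}
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(xml_text: str) -> dict:
    """Return the risky capabilities a decoded AndroidManifest.xml requests."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    findings = {k: v for k, v in WATCHED.items() if k in perms}
    # An accessibility service is declared on a <service>, not as a uses-permission
    uses_accessibility = any(
        s.get(ANDROID_NS + "permission") == ACCESSIBILITY_PERM
        for s in root.iter("service")
    )
    if uses_accessibility:
        findings[ACCESSIBILITY_PERM] = "accessibility service (screen control, keylogging)"
    # Threshold is an assumption: accessibility plus at least two watched permissions
    return {
        "findings": findings,
        "score": len(findings),
        "matches_profile": uses_accessibility and len(findings) >= 3,
    }


# Constructed sample manifest mimicking a fake-browser dropper (not a real sample)
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakechrome">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".A11y"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Run it against an APK's manifest after decoding it with a tool such as apktool; a match is a triage signal, not proof of Medusa.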

Growing Threat

The Medusa trojan is becoming stealthier and more widespread, setting the stage for more massive deployments and higher victim counts. Though Cleafy hasn’t spotted these dropper apps on Google Play yet, the growing number of cybercriminals joining this MaaS operation means their distribution methods will likely become more sophisticated.

Stay vigilant, keep your devices updated, and avoid downloading suspicious apps to protect yourself from these evolving threats.

© 2024 - 2025 Reportboom Cosmos Group.