Banking Trojan "Medusa" is Back to Steal Passwords and Cash - How to Stay Safe

A popular Android banking Trojan going dark is usually good news, but not this time

As reported by BleepingComputer, the banking Trojan Medusa, which had been inactive for almost a year, is back with multiple campaigns targeting users of the best Android phones in the US, UK, Canada, France, Italy, Spain, and Turkey. It was resurrected in

Medusa has been dangerous before, but these new variants require fewer permissions and include new features that make it easier for the malware to commit fraud directly on compromised smartphones.

Here is everything you need to know about these new Medusa variants and how to protect yourself and your Android device from the banking Trojan.

According to a new report from online fraud management firm Cleafy, these new Medusa variants were first discovered last July in several campaigns that use SMS phishing (smishing) to get victims to side-load the malware with the help of dropper apps.

In total, researchers identified 24 separate campaigns, five of which were attributed to botnets used to deliver malicious apps to unsuspecting users. Dropper apps used in these campaigns include a fake Chrome browser, a 5G connectivity app, and a fake streaming app called 4K Sports.

Since Medusa is malware-as-a-service, where hackers pay a subscription fee to deploy the banking Trojan, all of these campaigns and botnets are linked to command and control (C2) servers that are run centrally by the service's infrastructure.

To make the installation of the banking Trojan easier, Medusa's creators made it even smaller, requiring fewer permissions after installation. However, it still relies on Android's accessibility services in order to function.

Although 17 commands have been removed from previous versions of this banking Trojan, it retains the ability to access victims' contacts and send text messages for further dissemination. However, there are several new commands that give these Medusa variants the ability to uninstall apps, draw over them, set black screen overlays, and take screenshots.

Of these, the screen overlay is particularly dangerous, as it can be used by a remote attacker to make it appear as if the infected smartphone is turned off while malicious activity is running in the background. Similarly, Medusa's screenshot feature provides hackers with an easy way to steal sensitive information, such as passwords, from infected devices.

We will keep an eye on this improved banking Trojan, because its small size means that hackers using it can expand the scope of their attacks while targeting even more Android users.

The banking Trojan Medusa is often spread through dropper apps, so extra care should be taken when installing new apps on smartphones.

Sideloading apps may be convenient, but it is an easy way to get infected with nasty malware, especially if you are downloading APK files from unreliable sources. For this reason, you should stick to official Android app stores such as the Google Play Store, Amazon Appstore, and Samsung Galaxy Store.

At the same time, you also want to make sure that Google Play Protect is enabled on your Android phone, because Play Protect scans all existing apps and new apps you download for malware. For even more protection, you may also consider using one of the best Android antivirus apps in parallel.
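The two risk signals the article describes, an app that was sideloaded rather than installed from an official store and an app that has been granted an accessibility service, can both be checked from a computer with the Android debug bridge. The script below is an added example and is not code from the article or from Cleafy. It parses the text produced by the real commands `adb shell pm list packages -3 -i` (third-party packages with their installer) and `adb shell settings get secure enabled_accessibility_services`, and flags any third-party package whose installer is not the Google Play Store, Amazon Appstore or Samsung Galaxy Store, noting which of those also hold accessibility access. The sample command output and package names embedded in it are constructed for the example; the installer package names for the three stores are assumptions about those stores' identifiers.

```python
"""Triage helper for sideloaded apps and accessibility-service grants.

Added example, not code from the article or from Cleafy. Parses the output of
    adb shell pm list packages -3 -i
    adb shell settings get secure enabled_accessibility_services
The sample output below is constructed; no device is needed to run it.
"""

import re
import subprocess
from dataclasses import dataclass

# Installer package names of the official stores the article recommends
# (assumed identifiers for those stores).
OFFICIAL_INSTALLERS = {
    "com.android.vending": "Google Play Store",
    "com.amazon.venezia": "Amazon Appstore",
    "com.sec.android.app.samsungapps": "Samsung Galaxy Store",
}

# Constructed sample of `pm list packages -3 -i` output.
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.notes  installer=com.sec.android.app.samsungapps
package:com.example.chrome.update  installer=null
package:com.example.fast5g  installer=com.android.packageinstaller
"""

# Constructed sample of the enabled_accessibility_services secure setting
# (colon-separated package/service pairs).
SAMPLE_A11Y = (
    "com.example.notes/.NotesA11yService:"
    "com.example.chrome.update/.OverlayService"
)

PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


@dataclass
class Finding:
    package: str
    installer: str
    accessibility: bool  # True if the package has an enabled accessibility service


def parse_packages(text):
    """Return {package: installer} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        m = PKG_RE.match(line.strip())
        if m:
            result[m.group(1)] = m.group(2)
    return result


def parse_accessibility(setting):
    """Return the set of packages that own an enabled accessibility service.

    `settings get` prints "null" when the setting has never been written.
    """
    if not setting or setting.strip() == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in setting.strip().split(":") if entry}


def triage(packages_text, a11y_setting):
    """Flag third-party packages not installed by an official store."""
    a11y = parse_accessibility(a11y_setting)
    findings = []
    for pkg, installer in parse_packages(packages_text).items():
        if installer in OFFICIAL_INSTALLERS:
            continue
        findings.append(Finding(pkg, installer, pkg in a11y))
    return findings


def triage_device():
    """Run both adb commands against a connected device and triage the result."""
    pk = subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-3", "-i"],
        capture_output=True, text=True, check=True,
    ).stdout
    a11y = subprocess.run(
        ["adb", "shell", "settings", "get", "secure", "enabled_accessibility_services"],
        capture_output=True, text=True, check=True,
    ).stdout
    return triage(pk, a11y)


if __name__ == "__main__":
    for f in triage(SAMPLE_PACKAGES, SAMPLE_A11Y):
        note = "  <-- sideloaded AND accessibility service enabled" if f.accessibility else ""
        print(f"{f.package} (installer={f.installer}){note}")
```

Run as-is to see the triage of the constructed sample; call `triage_device()` instead with a phone attached and USB debugging enabled. A sideloaded app that also holds an accessibility grant is exactly the combination Medusa depends on, so that is the line worth investigating first; an entry whose installer is an official store but which still has accessibility enabled is not flagged here, and a reviewer may want to look at those separately.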

Don't expect this particular threat to go away anytime soon, as banking Trojans can be quite lucrative for hackers to use in their attacks.
