Banking malware uses a simple trick to sneak into your life and turn it upside down

Banking malware uses a simple trick to sneak into your life and turn it upside down



The Android banking malware Vultur, which emerged in 2021, has gained new features for greater control of its victim’s devices.
The new capabilities allow Vultur to interact with an infected device more conveniently than before, per security company NCC Group. This makes it a bigger threat than it already was.

When it was first discovered three years ago, Vultur abused legitimate software products to gain remote access to infected devices. It relied on a dropper (helper program to install malware on a device) called Brunhilda. Brunhilda has previously been used in many Google Play apps to spread malware.

The more powerful version of Vulture isn’t being distributed through the Google Play Store. It uses Android’s Accessibility Services for more advanced remote control capabilities.

The cybercriminals behind the malware are using a social engineering technique to get people to install it.

The victim gets an SMS message that asks them to call a number if they didn’t initiate a transaction involving a lot of money. That’s just a ploy to create a fall sense of urgency as in reality, there wasn’t any transaction to begin with. 

After the victim calls the number, they are sent another SMS that contains a link to an app that resembles the McAfee Security app but is actually the Brunhilda dropper. Since the dropper functions like the McAfee Security app, the victim gets the impression that it’s harmless.

Once the malware is on a victim’s phone, the threat actors gain total control over their smartphone. They can remotely carry out a range of activities, including:

  • Install and delete files
  • Perform actions like scrolling, swiping, clicking, and muting or unmuting audio
  • Stop apps from running
  • Display a notification
  • Record a screen
  • Keyboard capturing
  • Steal credentials

Banking apps are the primary targets of Vultur. 

Vultur is the last thing anyone would want on their phone and like many unwelcome things in life, this nightmare starts with a text. If you don’t want to be a victim, don’t lose your marbles if you get an SMS about an authorized transaction.


Source link


No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *