After nearly a year of hiatus, the Android banking Trojan Medusa is back and more dangerous than ever. The new variant of the Trojan is lighter in weight and requests fewer permissions from the device in order to avoid detection.
First identified in 2020, Medusa is a banking Trojan linked to Turkey that initially targeted Turkish financial institutions.
By 2022, it had expanded rapidly, launching large-scale campaigns in North America and Europe resulting in significant financial damage. New variants of Medusa are now targeting Android users across the globe, including the US, Canada, Spain, France, Italy, the UK, and Turkey.
A man looking at his Android smartphone. (Kurt “Cyberguy” Knutson)
How does the Medusa Android Trojan evade detection?
Since July 2023, Medusa attacks have returned with a new version. Cleafy noticed a sudden increase in the number of installs of an app called “4K Sports.” This app is being used by hackers to plant malware on users’ Android phones. The new malware is an upgraded version of Medusa with significant changes to the way it works.
The new variants ask for fewer permissions and are more clever about it, but they still ask for accessibility services, which is a big red flag. Android’s accessibility services are powerful tools that make it easier for people with disabilities to use their mobile devices. When you grant an app accessibility permissions, you essentially give that app permission to do whatever it wants on your phone.
Cybercriminals know this, which is why most malware that infects phones asks for Accessibility permissions. If an app requests permissions in this area, you should be immediately suspicious. The new Medusa variant also requests SMS broadcast, Internet foreground services, and package management permissions.
The Android Trojan now has 17 fewer commands than before, but it adds five new ones, including setting a black screen overlay and taking screenshots.
Cleafy revealed that hackers are using the 4K Sports app to install Medusa, as well as fake apps posing as Google Chrome, InatTV, Purolator, and 5G. In the US, Chrome, InatTV, and Purolator are the main apps being exploited by these hackers.
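As an added illustration (not from the original article or from Cleafy), the sketch below checks a decoded AndroidManifest.xml for the permission combination described above: an accessibility service together with SMS or package management access. The mapping from the article's permission categories to Android permission names, the verdict labels and the sample manifests are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Assumption: concrete Android names chosen for the article's permission categories.
CATEGORIES = {
    "sms": {"android.permission.BROADCAST_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.READ_SMS", "android.permission.SEND_SMS"},
    "internet": {"android.permission.INTERNET"},
    "foreground_service": {"android.permission.FOREGROUND_SERVICE"},
    "package_management": {"android.permission.QUERY_ALL_PACKAGES",
                           "android.permission.REQUEST_DELETE_PACKAGES"},
}

def triage_manifest(manifest_xml):
    """Return (sorted categories found, verdict) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    # Permissions show up as <uses-permission> entries and as the
    # android:permission guard on components (e.g. an SMS receiver).
    names = {e.get(A + "name") for e in root.iter("uses-permission")}
    names |= {e.get(A + "permission") for e in root.iter("receiver")}
    found = {cat for cat, perms in CATEGORIES.items() if names & perms}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    if any(s.get(A + "permission") == ACCESSIBILITY for s in root.iter("service")):
        found.add("accessibility")
    if "accessibility" not in found:
        return sorted(found), "low"
    # Accessibility alone is normal for assistive apps; with SMS or package control it is not.
    risky = found & {"sms", "package_management"}
    return sorted(found), "high" if risky else "review"

NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
# Constructed sample manifests (not taken from any real app).
STREAMING_APP = f"""<manifest {NS} package="com.example.sportsstream">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
  <application>
    <service android:name=".Helper" android:permission="{ACCESSIBILITY}"/>
    <receiver android:name=".Sms" android:permission="android.permission.BROADCAST_SMS"/>
  </application>
</manifest>"""
SCREEN_READER = f"""<manifest {NS} package="com.example.reader"><application>
  <service android:name=".Reader" android:permission="{ACCESSIBILITY}"/>
</application></manifest>"""
FLASHLIGHT = f"""<manifest {NS} package="com.example.light">
  <uses-permission android:name="android.permission.INTERNET"/></manifest>"""

for m in (STREAMING_APP, SCREEN_READER, FLASHLIGHT):
    print(triage_manifest(m))
```

A "review" verdict is not an accusation: screen readers and other assistive tools legitimately declare an accessibility service, so the check only narrows down which apps deserve a closer look.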

People who use Android smartphones. (Kurt “Cyberguy” Knutson)
How big is the Medusa cyber attack?
Medusa targets people all over the world, including the U.S. and Europe. Cleafy discovered two different Medusa botnet groups, each operating in their own way.
The first group uses botnets named AFETZEDE, ANAKONDA, PEMBE and TONY to primarily target people in Turkey, but also in Canada and the U.S. They use Medusa’s usual methods, such as phishing, to spread their malware.
The second group, which includes the UNKN botnet, marks a change in Medusa’s strategy, as it primarily targets European users, especially Italy and France. Unlike the usual variants, some of these new variants were installed through apps downloaded from untrusted sources. This means that hackers are trying new ways to spread malware beyond the usual phishing tactics.

Cyber criminal illustration. (Kurt “Cyberguy” Knutson)
10 ways to protect yourself from Android banking Trojans
Trojans can be hard to detect and dangerous once they get on your phone, but there are things you can do to protect your data.
1. Beware of phishing scams: Be wary of emails, phone calls, and messages from unknown sources asking for personal information. Don’t click on suspicious links or provide sensitive information unless you can verify the legitimacy of the request.
2. Deploy powerful antivirus software: Android has its own built-in anti-malware feature called Play Protect, but it’s not enough to stop all malicious software. Until now, Play Protect has not been 100% reliable in removing all known malware from your Android phone. The best way to protect yourself from clicking on malicious links that install malware that can access your personal information is to have antivirus protection installed on all your devices. This will also alert you to phishing emails and ransomware scams. We’ve handpicked the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
3. Download apps from trusted sources: It is important to only download apps from trusted sources such as Google Play Store, which have rigorous checks in place to prevent malware and other harmful software. Avoid downloading apps from unknown websites or unofficial stores as they may pose a high risk to your personal data and device.
4. Use identity theft protection services: Identity theft companies monitor personal information like Social Security numbers (SSNs), phone numbers, and email addresses to alert you if it’s being sold on the dark web or used to open accounts. They can also help you freeze bank and credit card accounts to prevent further fraud by criminals.
The biggest benefit of using some of the services is that they may include identity theft insurance of up to $1 million to cover losses and legal costs, and a white-glove fraud resolution team with U.S.-based case managers to help you recover your losses. Check out our tips and best choices for protecting yourself against identity theft.
5. Monitor your account: If you think you may have been affected by a banking Trojan, regularly review your bank statements, credit card statements, and other financial accounts for fraudulent transactions. If you notice any suspicious transactions, report them immediately to your bank or credit card company.
6. Enable SMS notifications for your bank account: Enabling SMS notifications allows you to monitor your account for fraudulent transactions.
7. Set up two-factor authentication (2FA): 2FA is an extra shield to prevent hackers from accessing your account.
8. Use a password manager: A password manager helps you create and store strong, unique passwords for all your accounts, reducing the risk of password theft.
9. Regularly update your device’s operating system and apps: Keeping your software up to date is very important because updates often contain security patches for newly discovered vulnerabilities that can be exploited by Trojans.
10. Be careful when granting permissions: Carefully review the permissions an app requests. If an app requests more access than it needs to function, that could be a red flag.
Kurt’s key takeaways
The hackers behind Medusa make the malware difficult to detect. They inject it into your phone disguised as a legitimate app, stealing your personal data and sometimes your money. As a general rule, only download apps from the Google Play Store. Google only allows safe apps on its platform, making it safer than any other app store.
What do you think about the increasing sophistication of mobile malware like the Medusa Trojan, and how do you think the cybersecurity industry should respond? Email us at Cyberguy.com/Contact Us
Copyright 2024 CyberGuy.com. All Rights Reserved.