Monday, July 15, 2024

Medusa Android Malware Resurfaces: New Lightweight Variant Targets Users Worldwide


- Advertisement -
  • The Medusa Android malware has resurfaced with a new lightweight variant.
  • The malware spreads through a fake app called “4K Sports” and requests fewer permissions to avoid detection.
  • Five botnets are targeting users in various countries, using websites, social media, and phishing to distribute the malware.

After a year of lying low, the Medusa Android banking trojan has resurfaced, cybersecurity experts warn.

This sophisticated malware, initially discovered in 2020 targeting Turkish financial institutions, is now making waves again with a new variant, posing a significant threat to users worldwide.

The New Variant

Cybersecurity researchers from Cleafy have identified a lightweight version of Medusa, being used by multiple cybercriminal groups.

The malware is now spreading through a newly observed app called “4K Sports,” which has shown significant changes in its command infrastructure and capabilities.

Notably, the new Medusa variant requests fewer permissions, making it harder to detect. It still asks for Accessibility Services—a red flag for any user—but overall, it appears more subtle than its predecessors.

Other concerning permissions include Broadcasting SMS, Internet Foreground Service, and Package Management.

- Advertisement -

Streamlined and Dangerous

The updated version of Medusa has streamlined its operations by cutting down on unnecessary commands while introducing new, harmful ones.

In total, 17 commands were removed, and five new ones were added, including the ability to set a black screen overlay and take screenshots.

These capabilities make it a powerful tool for cybercriminals aiming to steal personal information and banking credentials.

Global Reach

Five different botnets operate the new Medusa variant, each with unique targets and goals.

These botnets—UNKN, AFETZEDE, ANAKONDA, PEMBE, and TONY—focus their attacks on users in Canada, Spain, France, Italy, the UK, the US, and Turkey.

Despite not being found on the Google Play Store, Medusa is spreading through dedicated websites, social media channels, phishing, and other methods.

- Advertisement -

These distribution channels, though less direct, still manage to reach a large number of users.

Staying Safe

To protect yourself from Medusa and other similar threats, follow these steps:

  1. Be Wary of Permissions: Always scrutinize the permissions requested by any new app. If an app asks for Accessibility Services or other high-risk permissions, it’s best to avoid it.
  2. Download from Trusted Sources: Stick to downloading apps from the Google Play Store or other reputable sources. Avoid downloading apps from third-party websites.
  3. Use Security Software: Install reliable antivirus and security software on your device to help detect and block malicious activities.

Medusa is a reminder of the evolving threats in the digital landscape. Staying informed and cautious is crucial to protecting your personal and financial information.

- Advertisement -
Emily Parker
Emily Parker
Emily Parker is a seasoned tech consultant with a proven track record of delivering innovative solutions to clients across various industries. With a deep understanding of emerging technologies and their practical applications, Emily excels in guiding businesses through digital transformation initiatives. Her expertise lies in leveraging data analytics, cloud computing, and cybersecurity to optimize processes, drive efficiency, and enhance overall business performance. Known for her strategic vision and collaborative approach, Emily works closely with stakeholders to identify opportunities and implement tailored solutions that meet the unique needs of each organization. As a trusted advisor, she is committed to staying ahead of industry trends and empowering clients to embrace technological advancements for sustainable growth.

Read More

Trending Now