- The Medusa Android malware has resurfaced with a new lightweight variant.
- The malware spreads through a fake app called “4K Sports” and requests fewer permissions to avoid detection.
- Five botnets are targeting users in various countries, using websites, social media, and phishing to distribute the malware.
After a year of lying low, the Medusa Android banking trojan has resurfaced, cybersecurity experts warn.
This sophisticated malware, initially discovered in 2020 targeting Turkish financial institutions, is now making waves again with a new variant, posing a significant threat to users worldwide.
The New Variant
Cybersecurity researchers from Cleafy have identified a lightweight version of Medusa, being used by multiple cybercriminal groups.
The malware is now spreading through a newly observed app called “4K Sports,” and this variant shows significant changes in its command infrastructure and capabilities.
Notably, the new Medusa variant requests fewer permissions, making it harder to detect. It still asks for Accessibility Services—a red flag for any user—but overall, it appears more subtle than its predecessors.
Other concerning permissions include Broadcasting SMS, Internet, Foreground Service, and Package Management.
Streamlined and Dangerous
The updated version of Medusa has streamlined its operations by cutting down on unnecessary commands while introducing new, harmful ones.
In total, 17 commands were removed, and five new ones were added, including the ability to set a black screen overlay and take screenshots.
These capabilities make it a powerful tool for cybercriminals aiming to steal personal information and banking credentials.
Global Reach
Five different botnets operate the new Medusa variant, each with unique targets and goals.
These botnets—UNKN, AFETZEDE, ANAKONDA, PEMBE, and TONY—focus their attacks on users in Canada, Spain, France, Italy, the UK, the US, and Turkey.
Despite not being found on the Google Play Store, Medusa is spreading through dedicated websites, social media channels, phishing, and other methods.
These distribution channels, though less direct, still manage to reach a large number of users.
Staying Safe
To protect yourself from Medusa and other similar threats, follow these steps:
- Be Wary of Permissions: Always scrutinize the permissions requested by any new app. If an app asks for Accessibility Services or other high-risk permissions, it’s best to avoid it.
- Download from Trusted Sources: Stick to downloading apps from the Google Play Store or other reputable sources. Avoid downloading apps from third-party websites.
- Use Security Software: Install reliable antivirus and security software on your device to help detect and block malicious activities.
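As an added illustration of the permission check in the first step above (not code from the article or from Cleafy), this Python script parses the `requested permissions:` block of `adb shell dumpsys package <pkg>` output and flags the permission categories the article names. The mapping from those categories to Android permission strings, the sample output and the package name are assumptions constructed for the example.

```python
import re

# Assumed mapping (constructed for this example) from the categories the article names
# to Android permission strings. INTERNET is left out: nearly every app requests it.
HIGH_RISK = {
    "android.permission.RECEIVE_SMS": "SMS interception",
    "android.permission.SEND_SMS": "SMS sending",
    "android.permission.BROADCAST_SMS": "Broadcasting SMS",
    "android.permission.FOREGROUND_SERVICE": "Foreground Service",
    "android.permission.REQUEST_INSTALL_PACKAGES": "Package Management",
    "android.permission.QUERY_ALL_PACKAGES": "Package Management",
}

# Constructed sample of `adb shell dumpsys package com.example.sportsapp` output.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.sportsapp] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.RECEIVE_SMS
      android.permission.SEND_SMS
      android.permission.FOREGROUND_SERVICE
      android.permission.REQUEST_INSTALL_PACKAGES
    install permissions:
      android.permission.INTERNET: granted=true
"""

def requested_permissions(dumpsys_text):
    """Return the entries of the 'requested permissions:' block, in order."""
    perms, in_block, header_indent = [], False, 0
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if stripped == "requested permissions:":
            in_block, header_indent = True, indent
            continue
        if in_block:
            # The block ends at the first line not indented deeper than its header.
            if not stripped or indent <= header_indent:
                break
            perms.append(stripped.split(":")[0])
    return perms

def triage(dumpsys_text):
    """Map each flagged requested permission to the risk category it falls under."""
    m = re.search(r"Package \[([^\]]+)\]", dumpsys_text)
    flagged = {p: HIGH_RISK[p] for p in requested_permissions(dumpsys_text) if p in HIGH_RISK}
    return {"package": m.group(1) if m else None, "flagged": flagged}
```

Accessibility Services are not a requested permission, so check them separately with `adb shell settings get secure enabled_accessibility_services` or in the device's Accessibility settings.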
Medusa is a reminder of the evolving threats in the digital landscape. Staying informed and cautious is crucial to protecting your personal and financial information.