Nasty new Android malware is watching EVERYTHING you do on screen

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

Android fans are being warned about a devious strain of malware that security experts have branded “Vultur”. The name is pretty fitting for this predatory new breed of malware, which is capable of recording everything that takes place on your screen. That means everything from logins and passwords, complete internet history, bank details, and even your private text messages and social media activity is all recorded.

Vultur is a banking trojan that opts for a more complex approach than its peers. While other similar trojans use overlays to trick users into typing in their account details – mistakenly assuming they’re logging into a legitimate website, Vultur uses screen recording and key logging instead.

So, you’ll be logging into the real websites, including your online banking and social media accounts, but the malware will be making a careful note of everything you tap on-screen and everything you type. Yikes.

As security experts at Threat Fabric explained in a blog post, this is a more complex approach that requires more time and effort from threat actors. Researchers only discovered the Vultur malware in late March, and said that it has also been distributed via the well-known Brunhilda dropper network.

Google Play Store: How to update on an Android device

Analysis found droppers spreading the Vultur malware on a Google Play Store app downloaded thousands of times.

The app in question was ironically called Protection Guard, and claimed to help Android users protect the security of banking and social accounts.

It has since been removed from the Google Play Store.

Speaking about the security risk, Threat Fabric said: “In late March 2021, ThreatFabric detected a new RAT malware that we dubbed Vultur due to its full visibility on victims device via VNC. For the first time we are seeing an Android banking trojan that has screen recording and keylogging as main strategy to harvest login credentials in an automated and scalable way.

“The actors chose to steer away from the common HTML overlay strategy we usually see in other Android banking Trojans: this approach usually requires more time and effort from the actors in order to steal relevant information from the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result.”

Threat Fabric research also discovered a list of apps that have been targeted by Vultur. Many are based in Italy, Australia and Spain while many crypto currency wallets have also been put in the sights of bad actors.

According to Threat Fabric, the Virgin Money Credit Card app, the eToro Money app and the Bitfinex app are among the Play Store apps targeted by Vultur for screen recording.

While WhatsApp, Facebook, Messenger and TikTok are among the apps reportedly targeted for key logging by Vultur.

Summing up their findings, Threat Fabric said: “As the mobile channels of financial institutions continue to grow, mobile banking malware will only become more popular. Besides a steep increase in mobile malware volumes targeting banking apps last and this year, we see mobile malware becoming more and more sophisticated enabling hard-to-detect large scale attacks.

“This means that financial institutions should consider preparing themselves by better understanding the risk posed to their mobile-first strategy based on the current mobile threat landscape.”

Source: Read Full Article