Beware, these 2 Trojans siphon bank accounts from Android devices

According to a study by ThreatFabric, two banking Trojans are wreaking havoc on Android using fake apps.

Operating systems have become more reliable over time, but no system is foolproof. For this reason it is important to install updates regularly and to be wary of APK files. Well known to Android users, APK files make it possible to install applications on a device without going through the Play Store. The openness of Google’s operating system provides this flexibility, but it also allows hackers to carry out attacks.

In a new study spotted by our colleagues at Presse-Citron, ThreatFabric researchers warn of a resurgence of attacks by two banking Trojans. Called FluBot and Medusa, they are different pieces of malware but use the same delivery method to infect Android devices. First discovered in July 2020, Medusa was best known for abusing accessibility permissions to siphon funds from banking apps.

Two years have passed and the Trojan has evolved to stay active. “Medusa has other dangerous features such as keystroke logging, accessibility event logging, and audio and video streaming. All of these capabilities allow for near-total access to the victim’s device,” explain the ThreatFabric researchers.

This banking malware spreads via fake apps

To slip under the radar of the Google Play Store, Medusa is distributed via apps downloaded outside the application store. It is notably hidden in fake “DHL” or “Flash Player” APK files used to infect a device. Present in Turkey for a long time, it has crossed several borders and is spreading in particular to Canada and the United States. It is therefore advisable to be careful if you install applications from outside the Play Store.

Medusa is not alone and is spreading alongside FluBot. Already known, FluBot has also evolved and can now intercept and manipulate notifications. This malware targets the direct reply feature of apps like WhatsApp to spread links pointing to malware and phishing links. “With this feature, the malware can use a list of notification responses pulled from the hackers’ server and control center,” says ThreatFabric. It can go even further and be used by hackers to confirm transactions on behalf of the victim.

To protect yourself, it is better to download applications from the Google Play Store. You should also not click on unknown links that you receive by SMS, email or via a messaging application. If in doubt, contact your correspondent or the department that supposedly sent you the message.
