Trojan Medusa is Back and More Dangerous Than Ever

The Android banking Trojan Medusa is back after taking a year-long break, and the program is now even more dangerous than it was before. The new variant of the Trojan is said to be lightweight and even sneakier, requesting fewer device permissions to avoid detection.

Medusa, first discovered in 2020, is a Turkish-linked banking Trojan that initially targeted Turkish institutions. However, a couple of years ago it expanded quickly and launched major campaigns in North America and Europe. Medusa’s newest version is now targeting Android users globally, including those in Canada, the United States, Spain, France, the United Kingdom, and Italy.

Medusa attacks are back, but with a different version that is harder to detect. Cybersecurity experts looked into a spike in installs of an app called “4K Sports,” and it turns out that hackers were using that app to install malware on Android devices. The malware in question turns out to be the newest version of Medusa.

One way that this malware is sneakier is by asking for fewer permissions. One thing that it still asks for is accessibility access, which experts say is a huge red flag. Accessibility access is intended for users with disabilities, but hackers abuse it as well. It essentially allows them to do whatever they want inside the device.

The Trojan has seventeen fewer commands, but it has added five new ones that include taking screenshots or adding a black overlay to the screen. Cybersecurity experts have said that the hackers aren’t just using the 4K Sports app but are using other fake apps as well, such as those for Google Chrome, Purolator, 5G, and InatTV.

Experts have said that the hackers are using two Medusa botnet groups to target people in these countries. One group is solely working with tactics usual for hacking, but the second group is more advanced and is using more than the usual phishing tactics.

Android users should be aware of the apps they are downloading and the permissions that they allow. Having strong antivirus software can help, as can making sure you’re downloading apps from a reliable source. Monitoring your accounts and ensuring you have text messages set up for login attempts can help you stay on top of these phishing attempts.

Also, only download trusted apps from the Google Play store, as these hackers are using lookalike apps that are easy to mistake for legitimate ones.
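One way to act on the two warnings above (accessibility access and app source), shown as an added example that is not part of the original article: the script lists apps that hold accessibility access but were not installed by the Play Store. It assumes you have saved the output of the two adb commands named in its comments; the sample strings and package names are constructed.

```python
# Added example. Inputs are the text printed by two adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
# Sample strings and package names below are constructed, not real indicators.
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
PKG_LINE = re.compile(r"^package:(\S+)(?:\s+installer=(\S+))?")

SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.sports4k/com.example.sports4k.core.HelperService"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sports4k  installer=null
package:com.example.notes  installer=com.android.vending
"""

def parse_accessibility(setting):
    """Package names from the colon-separated list of service components."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def parse_installers(listing):
    """Map package name -> installer from `pm list packages -i` output."""
    installers = {}
    for line in listing.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            installers[m.group(1)] = m.group(2) or "null"
    return installers

def flag_risky(setting, listing):
    """Apps holding accessibility access that did not come from a trusted store."""
    installers = parse_installers(listing)
    pairs = [(p, installers.get(p, "unknown")) for p in sorted(parse_accessibility(setting))]
    return [(p, src) for p, src in pairs if src not in TRUSTED_INSTALLERS]

if __name__ == "__main__":
    for pkg, source in flag_risky(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"REVIEW {pkg}: accessibility enabled, installer={source}")
```

Preinstalled system apps may also report no installer, so treat each flagged entry as a prompt for manual review rather than a verdict.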

Copyright 2024,