Subj : Medusa Android malware returns to target users around the world To : All From : TechnologyDaily Date : Wed Jun 26 2024 20:30:05 Medusa Android malware returns to target users around the world here's how to stay safe Date: Wed, 26 Jun 2024 19:28:54 +0000 Description: The infamous Android banking trojan lost some weight, but it's still the same old threat. FULL STORY ====================================================================== Medusa, an Android banking trojan that had been laying low for roughly a year now, has made a fresh appearance, experts have warned A new, lightweight Medusa variant has been seen being used by multiple threat actors, and targeting victims in numerous countries around the world, noted cybersecurity researchers from Cleafy. In their report, the researchers said they recently observed a surge in installations of a new app called 4K Sports. Subsequent investigation determined the app to be an evolution of Medusa, with significant changes in its command infrastructure and capabilities. Expanding targets Most notably, the new variant requests fewer permissions, making it less detectable. It still asks for Accessibility Services, which should always be a red flag. Other notable mentions include Broadcasting SMS, Internet Foreground Service, and Package Management. In total, 17 commands were nixed, and five new ones introduced, including setting a black screen overlay, taking screenshots, and more. Five different botnets, each with unique operational goals and geographical targets, were identified using the new Medusa. These are called UNKN, AFETZEDE, ANAKONDA, PEMBE, and TONY, and their targets were mostly located in Canada, Spain, France, Italy, the UK, the US, and Turkey. To distribute Medusa, the botnets are most likely using droppers, the researchers said. However, the droppers have not yet been found on the Google Play Store, which significantly reduces its reach. However, dedicated websites, social media channels, phishing, and other methods, are still viable and can still result in hundreds of thousands of downloads. Not to be confused with the ransomware, or the Mirai-based botnet of the same name, the Medusa banking trojan is a sophisticated piece of malware primarily designed to target financial institutions and facilitate banking fraud. It was first identified in 2020, targeting Turkish financial institutions. By 2022, Medusa had launched major campaigns in North America and Europe. More from TechRadar Pro The Medusa ransomware group is getting serious Here's a list of the best firewalls today These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/medusa-android-malware-returns-to-targe t-users-around-the-world-heres-how-to-stay-safe --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .