We don't talk very often about malware for Android, but when we do, it means the threat is serious. And by serious we do not only mean personal data (since very often their importance is neglected) but also i banking data. Yes, because nowadays many of our banking data are saved on the smartphone. Well, it is important to know that the Vulture malware could steal galore and without us noticing. luckily there are gods ways to avoid it. Let's see how
New malware steals banking data, but not in the usual way: it learned to record screen without being seen! How to recognize it
The remote access Trojan malware in question was named Vultur by the security company ThreatFabric. It uses a real implementation of VNC screen sharing to record the screen of a device, the key registry and mirror everything on the server. Users unknowingly enter their credentials into what they believe to be a trustworthy app, and attackers then gather the information, log into the apps on a separate device, and they withdraw the money.
This screen recording method is different from previous Android banking malware, which relied on an HTML overlay strategy. Vulture also relies heavily on the abuse of accessibility services on the device's operating system for obtain the necessary permissions that will allow him to access what he needs to successfully collect credentials.
In the report of ThreatFabric, we learned that the threat actors were able to collect a list of apps Vulture was targeting. These were disseminated via the Google Play Store. Italy, Spain and Australia were the regions that had the largest number of banking institutions affected by Vultur. Several crypto wallets were also targeted.
If the user downloads and opens one of the applications targeted by Vulture, the Trojan starts the screen recording session. Users who notice and try to eliminate the malicious app will quickly find that they cannot: a bot within the malware automatically clicks the button Go back and returns the user to the main settings screen. The only advantage users have is paying attention to the notification panel, which will show that an app called "Protection Guard”Is projecting the screen.
Through | ARSTechnica
