U.S. Android users' financial accounts are at risk with the return of this banking trojan

2comments
U.S. Android users' financial accounts are at risk with the return of this banking trojan
The Medusa banking trojan has returned to Android after a year off researchers' radar screens. According to BleepingComputer, new campaigns have been spotted in the U.S., France, Italy, Canada, Spain, the United Kingdom, and Turkey. The new activity started back in May and is potentially serious because the malware can initiate unapproved transactions from infected phones. 

Medusa also can track the keys you type, control the screen, and manipulate text messages. Medusa will also capture screenshots and place overlays across the full screen in order to trick potential victims. As BleepingComputer says, "Overall, the Medusa mobile banking trojan operation appears to expand its targeting scope and be getting stealthier, laying the ground for more massive deployment and higher number of victim counts." The current campaigns are targeting users of the best Android phones in the aforementioned countries.

Making matters worse, the new version of Medusa is a lighter, more compact version that requires fewer permissions to wreak havoc. According to online fraud management company Cleafy, those who wrote Medusa removed 17 commands from the previous version of the malware and added five.  The apps used to drop the malware onto Android phones include a fake Chrome browser, a 5G connectivity app, and a streaming app called 4K Sports. If you have any of these apps on your phone, delete them immediately.


Luckily, none of the dropper apps used to distribute the malware have been spotted in the Google Play Store; one could make the case that Medusa was allowed to drain financial accounts of Android users because Android allows users to sideload apps. But more worrisome is that Cleafy sees more cybercriminals joining this Android malware-as-a-service (MaaS) operation allowing newer and harder-to-detect ways to distribute the malware to be discovered and created. An MaaS operation is one in which the hacker pays a fee for using the trojan

Recommended Stories
And when you think about the ways that Medusa can take a screenshot of your phone, read your typing keytaps, or use overlays on the screen to trick you into typing your password where one doesn't really belong, this is a serious threat that security firms need to continue to monitor. An overlay can also turn your phone's screen black leaving you thinking that your phone is off while nefarious actions are taking place in the background.

The first thing you can do to help yourself is to stop sideloading apps. Even though Google hasn't always been able to protect the Play Store from malware, your chances of becoming a victim to a trojan like Medusa expand when you sideload apps on your Android device.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless