{"id":71821,"date":"2024-07-06T14:00:29","date_gmt":"2024-07-06T14:00:29","guid":{"rendered":"http:\/\/02c7f08f9d61a51a13e9ed2210c51145"},"modified":"2024-07-06T14:00:29","modified_gmt":"2024-07-06T14:00:29","slug":"android-banking-trojan-evolves-to-evade-detection-and-strike-globally","status":"publish","type":"post","link":"https:\/\/wp.timesamerica.net\/android-banking-trojan-evolves-to-evade-detection-and-strike-globally\/","title":{"rendered":"Android banking Trojan evolves to evade detection and strike globally"},"content":{"rendered":"\n

Android banking Trojan<\/span> Medusa has returned after almost a yearlong hiatus and is now even more dangerous. The new variant of the Trojan is lightweight and requests fewer device permissions to avoid detection.<\/p>\n

First identified in 2020, Medusa is a Turkish-linked banking Trojan that initially targeted Turkish financial institutions. <\/p>\n

It expanded rapidly by 2022, launching major campaigns in North America and Europe, causing significant monetary harm. Medusa\u2019s new variant is now targeting Android users<\/span> across the globe, including those located in the U.S., Canada, Spain, France, Italy, the U.K. and Turkey.<\/p>\n

CLICK HERE TO GET THE FOX NEWS APP<\/strong><\/span><\/p>\n

\n
\"man<\/picture><\/div>\n
\n
\n

A man looking at his Android phone.<\/span> (Kurt “CyberGuy” Knutsson)<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n

How does the Medusa Android Trojan evade detection?<\/strong><\/h2>\n

Since July 2023, Medusa attacks are back with a new version. Cybersecurity experts from Cleafy<\/u><\/span> found a spike in the number of installs of an app called “4K Sports.” This app<\/span> is being used by hackers to put malware on people’s Android phones. The new malware is an upgraded Medusa with big changes in how it works.<\/p>\n

It asks for fewer permissions, making it sneakier. It still requests Accessibility Services, which is a big red flag. Android’s Accessibility Service is a powerful tool that helps people with disabilities use mobile devices more easily. When you grant an app Accessibility permissions, you\u2019re essentially giving it the ability to do whatever it wants on your phone.<\/p>\n

CLICK HERE FOR MORE U.S. NEWS<\/strong><\/span><\/p>\n

Cybercriminals are aware of this, so most malware that infects your phone will ask for Accessibility permissions. You should be immediately suspicious when an app requests permissions in this area. Medusa\u2019s new variant also requests Broadcasting SMS, Internet Foreground Service and Package Management permissions.<\/p>\n

The Android Trojan now has 17 fewer commands than before but adds five new ones, like setting a black screen overlay, taking screenshots and more.<\/p>\n

Cleafy reveals that hackers are using not only the 4K Sports app to install Medusa but also fake apps like Google Chrome, InatTV, Purolator and 5G. In the U.S., Chrome, InatTV and Purolator are the main apps being misused by these hackers.<\/p>\n

\n
\"person<\/picture><\/div>\n
\n
\n

A person on their Android phone.<\/span> (Kurt “CyberGuy” Knutsson)<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n

BEST ANTIVIRUS FOR ANDROIDS \u2014 CYBERGUY PICKS 2024<\/u><\/strong><\/span><\/p>\n

What is the scale of the Medusa cyberattack?<\/strong><\/h2>\n

Medusa is going after people all over the world, including the U.S. and Europe. Cleafy found two different Medusa botnet groups, each working in its own way.<\/p>\n

The first group, with botnets named AFETZEDE, ANAKONDA, PEMBE and TONY, mainly targets people in Turkey but also hits Canada and the U.S. They use Medusa’s usual tricks, like phishing, to spread the malware.<\/p>\n

The second group, including the UNKN botnet, shows a change in Medusa’s strategy. It mainly targets European users, especially in Italy and France. Unlike the usual variants, some of these new ones were installed through apps downloaded from untrusted sources. This means the hackers are trying new ways to spread the malware beyond the usual phishing tactics.<\/p>\n

\n
\"cybercriminal\"<\/picture><\/div>\n
\n
\n

Illustration of a cybercriminal.<\/span> (Kurt “CyberGuy” Knutsson)<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n

ANDROID BANKING TROJAN MASQUERADES AS GOOGLE PLAY TO STEAL YOUR DATA<\/u><\/strong><\/span><\/p>\n

10 ways you can protect yourself from the Android banking Trojan<\/strong><\/h2>\n

While a Trojan is hard to detect and can be dangerous once it enters your phone, there are several things you can do to protect your data.<\/p>\n

1. Be cautious of phishing attempts:<\/strong> Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.<\/p>\n

2. Have strong antivirus software:<\/strong> Android has its own built-in malware protection called Play Protect, but it\u2019s not enough to stop all malicious software. Historically, Play Protect hasn\u2019t been 100% foolproof at removing all known malware from Android phones. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices<\/u><\/span>.<\/p>\n

3. Download apps from reliable sources:<\/strong> It\u2019s important to download apps only from trusted sources like the Google Play Store. They have strict checks to prevent malware and other harmful software. Avoid downloading apps from unknown websites or unofficial stores, as they can pose a higher risk to your personal data and device.<\/p>\n

GET FOX BUSINESS ON THE GO BY CLICKING HERE<\/strong><\/span><\/p>\n

4. Use an identity theft protection service:<\/strong> Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. <\/p>\n

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees<\/strong> and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses<\/strong>. See my tips and best picks on how to protect yourself from identity theft.<\/u><\/span> <\/strong><\/p>\n

5. Monitor your accounts:<\/strong> If you think you have been affected by the banking Trojan, regularly review your bank statements, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.<\/p>\n

6. Enable SMS notifications for your bank accounts<\/strong>: By enabling SMS notifications, you can monitor your accounts for any unauthorized transactions.<\/p>\n

7. Set up two-factor authentication (2FA)<\/strong>: 2FA<\/u><\/span> is an extra shield that prevents hackers from accessing your accounts.<\/p>\n

8. Use a password manager<\/strong>: A password manager<\/u><\/span> can help you create and store strong, unique passwords for all your accounts, reducing the risk of password theft.<\/p>\n

9. Regularly update your device\u2019s operating system and apps<\/strong>: Keeping your software up to date<\/u><\/span> is crucial, as updates often include security patches for newly discovered vulnerabilities that could be exploited by Trojans.<\/p>\n

10. Be wary of granting permissions<\/strong>: Carefully review the permissions requested by apps. If an app asks for more access than it needs for its functionality, it could be a red flag.<\/p>\n

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET<\/u><\/strong><\/span><\/p>\n

Kurt\u2019s key takeaways<\/strong><\/h2>\n

Hackers behind Medusa have made the malware hard to detect. They use apps that look legitimate to get the malware onto your phone and steal your personal data and sometimes your money. As a rule of thumb, only download apps from the Google Play Store. Google ensures it only allows secure apps on its platform and is safer than any other app store.<\/p>\n

What are your thoughts on the increasing sophistication of mobile malware like the Medusa Trojan, and how do you think the cybersecurity industry should respond? Let us know by writing us at <\/strong>Cyberguy.com\/Contact<\/u><\/strong><\/span><\/p>\n

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com\/Newsletter<\/u><\/strong><\/span><\/p>\n

Ask Kurt a question or let us know what stories you’d like us to cover<\/u><\/span>CyberGuy.com.<\/span><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Android banking Trojan Medusa has returned after almost a yearlong hiatus and is now even more dangerous. The new variant of the Trojan is lightweight and requests fewer device permissions to avoid detection. First identified in 2020, Medusa is a Turkish-linked banking Trojan that initially targeted Turkish financial institutions.  It expanded rapidly by 2022, launching …<\/p>\n","protected":false},"author":1,"featured_media":71822,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-71821","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech","has-thumb","has-featured"],"_links":{"self":[{"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/posts\/71821"}],"collection":[{"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/comments?post=71821"}],"version-history":[{"count":0,"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/posts\/71821\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/media\/71822"}],"wp:attachment":[{"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/media?parent=71821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/categories?post=71821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.timesamerica.net\/wp-json\/wp\/v2\/tags?post=71821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}