New Medusa Banking Attack Targets Android Users in Multiple Countries

26 Jun 2024

BRITS and Americans have been warned of a vicious banking attack targeting Android users. Dubbed “Medusa”, the campaign allows cyber thieves to raid accounts using sneaky tactics without the phone’s owner realizing.

Medusa has been around for some time, but experts have detected a new variant of it. First uncovered in July 2020, the malware – also known as TangleBot – is capable of reading sensitive text messages, keeping tabs on the buttons you press, taking screenshots, and recording phone calls to ultimately get hold of your bank account details. This latest version goes a step further, with the ability to display a full-screen overlay, according to cybersecurity firm Cleary. The overlay shows a black screen that fools victims into thinking their device is powered off, when in fact hackers could be getting to work.


“While the exact purpose remains under investigation, this functionality presents a potential threat: by obscuring the underlying screen content, the attacker can use this overlay to mask other malicious activities,” Cleary explained. The attack has not only been targeting Android users in the UK and US, but also Canada, France, Italy, Spain, and Turkey. Hackers have come up with the sneaky idea of requesting fewer but more essential permissions. “The latest Medusa variant demonstrates a strategic shift towards a lightweight approach,” Cleary continued.

Minimizing the required permissions evades detection and appears more benign, enhancing its ability to operate undetected for extended periods. Medusa usually relies on phishing tricks to spread malware. But it’s increasingly been detected in so-called dropper apps, which are downloaded from untrusted sources outside of the Google Play Store. These can sometimes appear in “smishing” attacks, which are fake SMS messages designed to trick you into installing something on your phone. Among the dubious apps found to be distributing Medusa this time round are fake Google Chrome and 5G connectivity apps, as well as a sketchy streaming app called 4K Sports.

How to spot a dodgy app

  1. Check the reviews: Be wary of both complaints and uniformly positive reviews by fake accounts.
  2. Look out for grammar mistakes: Legitimate app developers won’t have typos or errors in their app descriptions.
  3. Check the number of downloads: Avoid apps with only several thousand downloads, as they could be fake.
  4. Research the developer: Do they have a good reputation? Or, are they totally fake?
  5. Check the release date: A recent release date paired with a high number of downloads is usually bad news.
  6. Review the permission agreement: This agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
  7. Check the update frequency: An app that is updated too frequently is usually indicative of security vulnerabilities.
  8. Check the icon: Look closely, and don’t be deceived by distorted, lower-quality versions of icons from legitimate apps.

Users are once again warned against downloading apps from outside official app stores. This information should help Android users stay vigilant against the Medusa banking attack and other malware threats.

Update: 26 Jun 2024