Application security, Threat Intelligence

Medusa Android trojan returns with more compact variants

Share
Fountain of Medusa in Nemi

More compact iterations of the Medusa Android banking trojan, also known as TangleBot, featuring fewer permissions have been deployed as part of more than two dozen attack campaigns aimed at the U.S., Canada, and other countries in Europe and Asia, following reduced activity, reports BleepingComputer.

Attacks involved five botnets to facilitate the distribution of malicious apps with the updated Medusa trojan, which added five new commands allowing app uninstallation, "Drawing Over" permission requests, black screen overlays, screenshot capturing, and user secret updating while omitting 17 old commands, according to a report from Cleafy. Further examination of the UNKN botnet leveraged to target several European countries revealed the use of a fraudulent sports streaming app and Chrome browser, as well as a 5G connectivity app to spread the new Medusa variant. Such findings indicate the Medusa trojan's increasing stealth and scope, with experts noting the emergence of more advanced malware-as-a-service distribution techniques.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.