
Updated Vultur Android banking trojan emerges


BleepingComputer reports that more advanced features and increased stealth have been added to the updated Vultur Android banking trojan, which is being distributed via hybrid attacks.

Threat actors have used both smishing messages and phone calls to lure targets into downloading a weaponized version of the McAfee security app that carries the Brunhilda malware dropper, a report from NCC Group's Fox-IT revealed. Installing the app then executes Vultur-related payloads that enable Accessibility Services compromise and connections to command-and-control servers.

Aside from retaining older iterations' keylogging, remote access, and screen recording capabilities, the new Vultur variant enables file management, app blocking, Accessibility Services exploitation, Keyguard deactivation, and custom notifications, according to researchers.

Developers of the Vultur banking trojan have also added encryption of C2 communications, on-the-spot decryption of various payloads, and payload decryption via native code, as well as the use of legitimate apps to better evade detection. Such a development suggests that Vultur could still be updated with more sophisticated features.
