Variants Of the Medusa Malware Target Android Devices Across Several Countries
New iterations of the Medusa malware have surfaced, targeting Android devices in the US, the UK, Canada, France, Italy, Spain, and Turkey. Learn more about this emerging threat and how to safeguard your devices.
New versions of the Medusa banking trojan malware have been observed targeting Android devices globally. These attacks have reportedly utilized five botnets to distribute malicious apps, featuring enhancements to their capabilities and command structures.

Figure 1. Medusa Malware Strikes Android Devices Globally
New versions of Medusa, an Android banking trojan, have surfaced, impacting devices across multiple countries, including the US, the UK, Canada, France, Italy, Spain, and Turkey. [1] These updated versions of Medusa feature enhanced capabilities and command structures, and they are being employed by multiple malicious actors. The malware enables SMS manipulation, keylogging, and screen control, along with functionalities for taking screenshots, setting overlays, and uninstalling apps. Figure 1 illustrates the Medusa malware striking Android devices globally.
Originally known as TangleBot, the Medusa banking trojan primarily targets financial institutions, facilitating banking fraud operations. It was first identified in 2020, initially focusing on banking entities in Turkey. Since then, it has been involved in significant campaigns across North America over the past two years. It should not be confused with other malware, botnets, or ransomware sharing the same name.
The newer variants of the Medusa malware enable malicious actors to engage in fraudulent activities directly on compromised smartphones, requiring minimal permissions for installation and execution. The malware spreads through an app named 4K Sports, distributed via five botnets known as AFETZEDE, UNKN, PEMBE, ANAKONDA, and TONY, each with distinct objectives and geographical targets.
These botnets are suspected to use droppers available on third-party platforms, including social media platforms, websites, and phishing campaigns, potentially leading to hundreds of thousands of downloads. [2] Android users are advised to verify the sources of their apps and prioritize official downloads whenever possible.
References:
[1] https://www.spiceworks.com/it-security/endpoint-security/news/medusa-malware-variants-hit-android-devices-in-multiple-countries/
[2] https://solondais.fr/2024/06/28/news164222/medusa-malware-variants-have-hit-android-users/
Cite this article:
Janani R (2024), Variants Of the Medusa Malware Target Android Devices Across Several Countries, AnaTechMaz, pp. 162