A team of researchers at the security firm ThreatFabric is reporting on their website blog page that they have found instances of a new kind of malware in Android apps downloaded from Google Play that attempt to steal banking login information. They have named the new malware Vultur, after the birds that prey on wounded or dead targets.
The team at ThreatFabric note that prior efforts to steal banking login and password information from users of Android-based devices have used overlays; where an image is pasted over the top of an application’s login page and data from it is then routed to the hackers. In this new threat, the Vultur software instead uses code to recognize when a data entry form is being used, takes a screen grab, and then begins keylogging. All of the data captured by the malware is then routed to a site specified by its creators.
The team at ThreatFabric notes that thus far, Vultur has mostly affected people living in Italy, Australia, the U.K and the Netherlands—and while its prime mission appears to be capturing banking login information, instances of keylogging have also been found for social media apps, such as TikTok, Facebook and WhatsApp—they have also seen a few instances of cryptocurrency apps being targeted as well.
The malware can make its way onto user devices via a “dropper” called Brunhilda, which has been found in several phone-security, fitness and authentication apps—all on Google Play. The team at ThreatFabric is estimating that approximately 30,000 Android-based devices have been infected with Brunhilda to date, which suggests that thousands of users have likely been infected with Vultur. They also note that Vultur makes use of Accessibility Services on infected devices to prevent users from removing it from their device—it instigates a Back button press if such an attempt is made.
Users can prevent the malware from stealing their data by denying access when notified by Accessibility Services. Also, the malware can be detected by a casting icon appearing when users are not casting something. ThreatFabric also suggests installing Android antivirus apps.
New malware detection for Android at the source code level
© 2021 Science X Network
Citation:
‘Vultur’ malware uses new technique to steal banking credentials (2021, August 2)
retrieved 2 August 2021
from https://techxplore.com/news/2021-08-vultur-malware-technique-banking-credentials.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
