Medusa Banking Trojan Makes Comeback With Upgrades Targeting Android Devices in Seven Countries

Medusa can now perform on-device fraud targeted at users with Android smartphones.

Advertisement
Written by Akash Dutta, Edited by David Delima | Updated: 27 June 2024 17:31 IST
Highlights
  • Medusa is a banking trojan that can reportedly write and read SMS
  • The malware is said to be active since July 2023
  • Medusa is said to have had multiple upgrades over the 2020 variant
Medusa Banking Trojan Makes Comeback With Upgrades Targeting Android Devices in Seven Countries

The malware is reportedly targeting several European and North American countries

Photo Credit: Pexels/Sora Shimazaki

Medusa, a banking trojan that was first identified in 2020, has reportedly returned with several new upgrades that make it more threatening. The new variant of the malware is also said to be targeting more regions than the original version. A cybersecurity firm has detected the trojan active in Canada, France, Italy, Spain, Turkey, the UK, and the US. Medusa primarily attacks Google's Android operating system, putting smartphone owners at risk. Like any banking trojan, it goes after the banking apps on the device and can even perform on-device frauds.

New variants of Medusa banking trojan discovered

Cybersecurity firm Cleafy reports that new fraud campaigns involving the Medusa banking trojan were spotted in May after remaining under the radar for almost a year. Medusa is a type of TangleBot — an Android malware that can infect a device and give the attackers a wide range of control over it. While they can be used for stealing personal information and spying on individuals, Medusa, being a banking trojan, mainly attacks banking apps and steals money from victims.

The original version of Medusa was equipped with powerful capabilities. For instance, it had the remote access trojan (RAT) capability that allowed it to grant the attacker screen controls and the ability to read and write SMS. It also came with a keylogger and the combination allowed it to perform one of the most dangerous fraud scenarios — on-device fraud, according to the firm.

However, the new variant is said to be even more dangerous. The cybersecurity firm found that 17 commands that existed in the older malware were removed in the latest Trojan. This was done to minimise the requirement of permissions in the bundled file, raising less suspicion. Another upgrade is that it can set a black screen overlay on the attacked device, which can make the user think the device is locked or powered off, while the trojan performs its malicious activities.

Advertisement

Threat actors are also reportedly using new delivery mechanisms to infect devices. Earlier, these were spread via SMS links. But now, dropper apps (apps that appear to be legitimate but deploy the malware once installed) are being used to install Medusa under the guise of an update. However, the report highlighted that the malware makers have not been able to deploy Medusa via the Google Play store.

After being installed, the app flashes messages prompting the user to enable accessibility services to collect the sensor data and keystrokes. The data is then compressed and exported to an encoded C2 server. Once enough information has been collected, the threat actor can use remote access to take control of the device and commit financial fraud.

Advertisement

Android users are recommended to not click on URLs shared via SMS, messaging apps, or social media platforms by unknown senders. They should also be cautious while downloading apps from untrusted sources, or simply stick to the Google Play store to download and update apps.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement
Popular Mobile Brands
  1. Tecno Pova 7 5G, Pova 7 Pro 5G Launched in India: Price, Availability
  2. Here's How Much the Vivo X Fold 5 and Vivo X200 FE Might Cost in India
  3. Apple Plans to Launch M5-Powered MacBook Pro This Year: Report
  4. Samsung Galaxy Z Fold 7 Hands-On Images Suggest It Might Sport This Design
  5. OTT Releases This Week: Kaalidhar Laapata, Thug Life, The Good Wife, and More
  6. iQOO 13 Launched in india in Green Colourway: See Price, Availability
  7. The Good Wife OTT Release Date: When and Where to Watch it Online?
  8. Tecno Pova 7 5G Series Launching Today: All You Need to Know
  1. Mivi AI Buds TWS Earphones Launched in India With In-Built AI Assistant
  2. Samsung Galaxy Z Fold 7, Galaxy Z Flip 7 First-Party Cases and Screen Protectors Leaked: See Colours
  3. Nvidia Briefly on Track to Become World's Most Valuable Company Ever
  4. iQOO 13 Green Colour Variant Launched in India: Check Price, Availability
  5. Meta Poaches CEO of Ilya Sutskever's Startup in AI Talent War
  6. Google's AI Overviews Hit by EU Antitrust Complaint From Independent Publishers
  7. Baidu’s MuseStreamer AI Video Generation Model Takes on Google’s Veo 3 With Native Audio Support: Report
  8. Chinese Sales of Foreign Phone Makers, Including Apple's iPhone, Drop 9.7 Percent in May
  9. Huawei Watch Fit 4, Watch Fit 4 Pro Launched in India With In-Built GPS, Up to 10 Days of Battery Life
  10. YouTube to Revise Monetisation Policy to Target Mass-Produced and Repetitive Content
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.