The Android banking Trojan Medusa has resurfaced after nearly a year of silence, and it is more dangerous than ever. The latest version is more lightweight and requests fewer device permissions, which shrinks the footprint that security tools and attentive users would notice. First documented in 2020, Medusa is a banking Trojan with ties to Turkey that initially targeted financial institutions in that country. By 2022 it had expanded to North America and Europe, causing significant financial losses.
Now the new variant of Medusa is targeting Android users globally, including those in the U.S., Canada, Spain, France, Italy, the U.K., and Turkey. Researchers at Cleafy have observed a surge in installations of an app called “4K Sports,” which the operators are using to distribute the new malware. The upgraded version has changed its operations to evade detection: it requests fewer permissions, so it looks less suspicious at install time, but it still asks for Accessibility Services access. That permission is the one that matters, because an accessibility service can read what is on screen and act on the user’s behalf, which is how a banking Trojan captures credentials and drives the victim’s banking app. A video or sports app has no legitimate reason to ask for it, and the request should be a red flag for users.
Alongside the trimmed command set, the new variant adds five new commands, including one that places a black screen overlay over the display (hiding what the malware is doing underneath) and one that takes screenshots. The operators are not only using the 4K Sports app to install Medusa but also apps impersonating Google Chrome, InatTV, Purolator, and a “5G” app. In the U.S., the fake Chrome, InatTV, and Purolator apps are the most common lures.
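The two capabilities the article singles out (an Accessibility Service, and a full-screen overlay) both show up in an app’s manifest before the app is ever run, so they are a cheap triage signal for a dropper posing as a sports or video app. The following is an added example of that check, written for this article and not Cleafy’s tooling or code from the Medusa samples: it parses a decoded AndroidManifest.xml (as produced by apktool or aapt) and flags the combination of a declared accessibility service with the `SYSTEM_ALERT_WINDOW` permission that a black screen overlay requires. The package names, service names, and both manifests below are constructed for the example; the extra “watch” permissions are a reasonable list for a banking Trojan, not a list taken from the Medusa report.

```python
"""Triage a decoded AndroidManifest.xml for the accessibility + overlay
capability pair that overlay banking Trojans such as Medusa rely on.
Added example for this article; sample manifests are constructed, not real."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# A black screen overlay needs "draw over other apps" (SYSTEM_ALERT_WINDOW).
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
# An accessibility service is a <service> protected by this permission and/or
# registered for the AccessibilityService intent action.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
# Assumed watch-list (not from the Cleafy report): permissions a banking
# Trojan typically wants for OTP theft and self-update/uninstall.
OTHER_WATCH = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.REQUEST_DELETE_PACKAGES",
}


def triage_manifest(manifest_xml: str) -> dict:
    """Return package, declared accessibility services, findings and a risk label."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    requested = {u.get(NAME) for u in root.iter("uses-permission")} - {None}

    accessibility_services = []
    for svc in root.iter("service"):
        actions = {a.get(NAME) for a in svc.iter("action")}
        if svc.get(PERMISSION) == ACCESSIBILITY_BIND or ACCESSIBILITY_ACTION in actions:
            accessibility_services.append(svc.get(NAME))

    findings = []
    if accessibility_services:
        findings.append("declares accessibility service")
    if OVERLAY_PERM in requested:
        findings.append("requests SYSTEM_ALERT_WINDOW (overlay)")
    for perm in sorted(requested & OTHER_WATCH):
        findings.append(f"requests {perm}")

    # Accessibility plus overlay is the minimum an overlay Trojan needs;
    # either one alone still deserves a look in a "video" or "sports" app.
    if accessibility_services and OVERLAY_PERM in requested:
        risk = "high"
    elif accessibility_services or OVERLAY_PERM in requested:
        risk = "medium"
    else:
        risk = "low"
    return {"package": package, "accessibility_services": accessibility_services,
            "permissions": sorted(requested), "findings": findings, "risk": risk}


# Constructed manifest modelled on a dropper posing as a sports-streaming app.
SUSPICIOUS_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.sports4k">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="4K Sports">
    <service android:name="com.example.sports4k.A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed manifest for a benign video player: network access only.
BENIGN_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.videoplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Video Player">
    <service android:name="com.example.videoplayer.PlaybackService"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        result = triage_manifest(manifest)
        print(f"{result['package']}: risk={result['risk']} findings={result['findings']}")
```

To run it against a real APK, decode the manifest first (for example `apktool d app.apk` and read `AndroidManifest.xml` from the output directory), then pass the file contents to `triage_manifest`. The check is deliberately static: it does not prove an app is malicious, but an app whose stated purpose is video or sports and whose manifest scores “high” here is exactly the pattern the article describes.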
The scale of the Medusa campaign is large, and Cleafy has identified two distinct clusters of botnets. The first, made up of botnets named AFETZEDE, ANAKONDA, PEMBE, and TONY, primarily targets users in Turkey but also extends its operations to Canada and the U.S. The second, which includes the UNKN botnet, focuses on European users, particularly in Italy and France, and uses new distribution tactics that go beyond traditional phishing.
To protect yourself from the Medusa Android Trojan and similar threats, be cautious of phishing attempts and of links that prompt you to install an app; download apps only from reliable sources such as the Google Play Store; and review app permissions carefully, refusing Accessibility Services access to any app that has no accessibility purpose, since that permission is what lets a banking Trojan read and control your screen. Beyond that, keep your device’s software up to date, run reputable antivirus software, enable two-factor authentication and SMS notifications for your bank accounts, use a password manager, monitor your accounts regularly, and consider an identity theft protection service.
As mobile malware like Medusa becomes more sophisticated, the cybersecurity industry must respond with advanced detection and prevention measures to safeguard users’ personal and financial information. Stay informed and take proactive steps to protect yourself from evolving threats in the digital landscape.