Flubot, the Android spyware that’s been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa.

That’s according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns.

The Flubot malware (aka Cabassous) is delivered to targets through SMS texts that prompt them to install a “missed package delivery” app or a faux version of Flash Player. If a victim falls for the ruse, the malware is installed, which adds the infected device to a botnet. Then, it sets about gaining permissions, stealing banking information and credentials, lifting passwords stored on the device and squirreling away various pieces of personal information.

The malicious implant also sends out additional text messages to the infected device’s contact list, which allows it to “go viral” – like the flu.

Apparently, Medusa likes the cut of Flubot’s jib: “Our threat intelligence shows that Medusa followed with exactly the same app names, package names and similar icons,” ThreatFabric researchers noted in a Monday analysis. “In less than a month, this distribution approach allowed Medusa to reach more than 1,500 infected devices in one botnet, masquerading as DHL.”

And that’s just for one botnet. ThreatFabric pointed out that Medusa has multiple botnets carrying out multiple campaigns.

Unlike Flubot, which mainly spreads in Europe, Medusa is more of an equal-opportunity threat when it comes to geography. Recent campaigns have targeted users from Canada, Turkey and the United States.

“After targeting Turkish financial organizations in its first period of activity in 2020, Medusa has now switched its focus to North America and Europe, which results in significant number of infected devices,” ThreatFabric researchers noted. “Powered with multiple remote-access features, Medusa poses a critical threat to financial organizations in targeted regions.”

Medusa Bursts on the Scene

First discovered in July 2020, Medusa (related to the Tanglebot family of RATs) is a mobile banking trojan that can gain near-complete control over a user’s device, including capabilities for keylogging, banking trojan activity, and audio and video streaming. To boot, it has received several updates and improved in its obfuscation techniques as it hops on Flubot’s infrastructure coattails, researchers said.

For one, it now has an accessibility-scripting engine that allows actors to perform a set of actions on the victim’s behalf, with the help of Android Accessibility Service.

“By abusing Accessibility Services, Medusa is able to execute commands on any app that is running on a victim’s device,” researchers noted. “A command like ‘fillfocus’ allows the malware to set the text value of any specific text box to an arbitrary value chosen by the attacker, e.g., the beneficiary of a bank transfer.”

Accessibility events logging is a companion upgrade to the above. With a special command, Medusa can collect information about active windows, including the position of fields and certain elements within a user interface, any text inside those elements, and whether the field is a password field.

The four panelists on “The Masked Singer” are having a hard time narrowing down the identity of the secret celebrity hiding inside the Medusa costume. The snake-haired villainess performed a pitch-perfect rendition of “Happier Than Ever” during the season premiere and left the judges “speechless.” Since Medusa earned enough votes to advance to the following week, we have to wait a bit longer to see who she really is. Do YOU have any ideas? Read on for the judges’ “The Masked Singer” Medusa guesses.

When the contestant teased on the big stage that “success comes in the grayest of places,” Jenny McCarthy took that to be a clue to the blockbuster film “Fifty Shades of Grey.” She put two and two together and surmised that Medusa might be Ellie Goulding, as she sang the movie’s song “Love Me Like You Do.” “I think I’m on to something, you guys,” Jenny stated proudly.