This new Android banking malware can screen record everything on your phone
- ThreatFabric has discovered a new Android banking trojan, Vultur.
- Vultur is more advanced than other Android banking trojans as it uses screen recording to steal login credentials.
malwarehas been used to target banking applications and crypto wallets as well.
According to ThreatFabric, Vultur is the first Android banking trojan it discovered that uses both screen recording and keylogging as its main strategy to get access to a user’s login credentials. Other Android banking trojans go for the usual process of the HTML overlay strategy that takes more time and effort to steal sensitive data.
The Vultur malware was found in at least two dropper apps with one having more than 5,000 installations on the Play Store. ThreatFabric estimates the number of potential victims to be in the thousands. This malware mostly targeted banking institutions in Italy, Australia and Spain. Crypto wallets were also targeted, it added.
AdvertisementHow Vultur works
Vultur relies on Accessibility Services to operate on Android smartphones. It uses VNC (Virtual Network Computing), a software used to remotely control another computer, to screen record everything that happens on the victim’s phone. It can even detect when the victim is using an app that is from the list of targeted apps so that it can initiate the screen recording process. ThreatFabric noted that when the screen recording is going on, the notification panel will show “Projection Guard” under the casting icon.
How Vultur is different from other Android banking trojans
The approach Vultur uses to harvest login credentials is different from other Android banking trojans. In most cases, the regular Android banking trojan tricks victims into entering their credentials in what they think is an authentic banking app and then giving access to the attackers. Vultur, on the other hand, uses screen recording thereby easily gaining access to the login credentials without having to use any other tricks.
The discovery of this malware showed that Android banking trojans have become far more advanced, and it is now easier for attackers to get access to login credentials. ThreatFabric wants that mobile
Gmail blocks more than 100 million phishing attempts, Google Play scans 100 apps for malware everyday, says Google
Android apps with over 5.8 million downloads caught stealing users’ Facebook passwords
Popular on BI
- OnePlus blames voltage fluctuation after a user reports Nord 2 charger explosion
- Dropbox's billionaire founder Drew Houston says the 40-hour office week is a thing of the past and the pandemic has changed work forever
- Facebook pumping $50 million into its metaverse project is another sign that Zuckerberg doesn’t want to miss the crypto bus
- Buy biodegradable sanitary pads for women in India
- Best baby booster seat in India
- Amazon-backed Capital Float plans to go big in the buy now, pay later segment; raises $50 million
- Where Indians work — seven charts that show you the employment map of the world’s sixth largest economy
- Alibaba, Binance, Sparkpool and other companies are scrambling to avoid any heat from China over crypto concerns