scorecardThis new Android banking malware can screen record everything on your phone
  1. Home
  2. tech
  3. news
  4. This new Android banking malware can screen record everything on your phone

This new Android banking malware can screen record everything on your phone

This new Android banking malware can screen record everything on your phone
Tech2 min read
  • ThreatFabric has discovered a new Android banking trojan, Vultur.
  • Vultur is more advanced than other Android banking trojans as it uses screen recording to steal login credentials.
  • This malware has been used to target banking applications and crypto wallets as well.
Researchers have discovered a new Android malware that records everything happening on your phone. This Android banking trojan dubbed ‘Vultur’ manages to easily get hold of your login credentials through screen recording and keylogging, according to security firm ThreatFabric. The Vultur malware is believed to be installed on Android phones through a dropper framework called “Brundilha” which takes the form of fitness apps and 2FA authenticators on the Google Play Store.

According to ThreatFabric, Vultur is the first Android banking trojan it discovered that uses both screen recording and keylogging as its main strategy to get access to a user’s login credentials. Other Android banking trojans go for the usual process of the HTML overlay strategy that takes more time and effort to steal sensitive data.

The Vultur malware was found in at least two dropper apps with one having more than 5,000 installations on the Play Store. ThreatFabric estimates the number of potential victims to be in the thousands. This malware mostly targeted banking institutions in Italy, Australia and Spain. Crypto wallets were also targeted, it added.

How Vultur works

Vultur relies on Accessibility Services to operate on Android smartphones. It uses VNC (Virtual Network Computing), a software used to remotely control another computer, to screen record everything that happens on the victim’s phone. It can even detect when the victim is using an app that is from the list of targeted apps so that it can initiate the screen recording process. ThreatFabric noted that when the screen recording is going on, the notification panel will show “Projection Guard” under the casting icon.

How Vultur is different from other Android banking trojans

The approach Vultur uses to harvest login credentials is different from other Android banking trojans. In most cases, the regular Android banking trojan tricks victims into entering their credentials in what they think is an authentic banking app and then giving access to the attackers. Vultur, on the other hand, uses screen recording thereby easily gaining access to the login credentials without having to use any other tricks.

The discovery of this malware showed that Android banking trojans have become far more advanced, and it is now easier for attackers to get access to login credentials. ThreatFabric wants that mobile banking malware will only increase in the future, and get more sophisticated as well.


Gmail blocks more than 100 million phishing attempts, Google Play scans 100 apps for malware everyday, says Google
Android apps with over 5.8 million downloads caught stealing users’ Facebook passwords