New Medusa malware variants target Android users in seven countries

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.

The new activity has been tracked since May and relies on more compact variants that require fewer permissions and come with fresh features in an attempt to initiate transactions directly from the compromised device

Also known as TangleBot, Medusa banking trojan is an Android malware-as-a-service (MaaS) operation discovered in 2020. The malware provides keylogging, screen controls, and SMS manipulation.

Although it has the same name, the operation is different from the ransomware gang and the Mirai-based botnet for distributed denial-of-service (DDoS) attacks.

The recent campaigns were discovered by the threat intelligence team at online fraud management company Cleafy, who says that the malware variants are lighter, need fewer persmissions on the device, and include full-screen overlaying and screenshot capturing.

Leave a Comment