Warning, danger for Android users! The new version of the “vulture” (the Vultur banking Trojan) comes with more sophisticated remote control features and an improved evasion mechanism.
Detected for the first time in 2021, and massively installed via infected applications from the Play Store at the end of 2022, Vultur quickly established itself as one of the most formidable banking Trojans on Android. At the end of 2023, a new, even more formidable variant was discovered, infiltrating via a hybrid attack combining smishing (phishing by SMS) and telephone calls.
And if that wasn’t enough, this version 2.0 of Vultur incorporates more advanced remote control capabilities and more robust evasion mechanisms, making it harder to detect and block with the usual protection tools, such as VPNs or antiviruses.
A new hybrid infection chain: SMS and phone call
To trick unsuspecting users into installing the malware, the attackers use a hybrid attack combining two SMS messages and a phone call.
First, the victim receives an SMS message asking them to call a number if they have not authorized a transaction involving a large amount of money. In reality, this transaction never happened, but it creates a false sense of urgency to encourage the victim to act quickly.
A second SMS is sent during the phone call, in which the victim is asked to install a “trojanized” version of the McAfee Security application from a link. This application actually contains the “malware dropper”, innocently named “Brunhilda”, which seems harmless to the victim because it only exposes features known from the original McAfee Security application. This “dropper” decrypts and executes a total of 3 Vultur-related payloads, giving the attackers full control over the victim’s mobile device.
Advanced features to take full control of the device
Swooping in like a dark bird, Vultur 2.0 allows the attackers to completely control the infected device. Thanks to new evasion mechanisms, such as encrypted C2 communications (AES + Base64), the use of encrypted payloads that are decrypted dynamically at runtime, cloaking under legitimate applications, and the use of native code to complicate reverse engineering and avoid detection, this Trojan breaks all the locks on trojanized Android devices.
For example, scammers can monitor the victim’s activity in real time using screen and keyboard recording, and take control of the device remotely via tools like AlphaVNC and ngrok, which allows money transfers, fraudulent purchases or the installation of additional malware.
But this control does not stop there. The attackers can also block certain applications, disable security features and the screen lock, or display personalized notifications. They also gain full file management access, including downloading, uploading, deleting, installing and searching for files.
Finally, in addition to performing click, swipe and scroll gestures, they have the option to block the use of specific applications to prevent the Brunhilda malware from being detected and removed.
Source: Bleeping Computer, Fox It