A team of researchers from security firm Threat Fabric reports on its website’s blog page that they have found examples of a new type of malware in Android apps download from Google Play that attempt to steal banking login information. They have name the new malware Vultur, after the birds that prey on injure or dead targets.
The Threat Fabric team notes that previous efforts to steal banking login and password information from users of Android-base devices have use overlays; where an image is paste on top of an app’s login page and the data from that is then routed to the attackers. In this new threat, the Vultur software instead uses code to recognize when a data entry form is use. Takes a screenshot, and then begins logging keystrokes. Any data captured by the malware is then routed to a site specifie by its creators.
The Threat Fabric team notes that so far
Vultur has mainly affect people living in Italy, Australia, the United Uganda WhatsApp Number List Kingdom, and the Netherlands. , such as TikTok, Facebook, and WhatsApp, they have also seen a few cases of cryptocurrency apps being targeted as well.
The malware can find its way onto users’ devices via a “dropper” call Brunhilda
which has been found in several phone security, fitness, and authentication apps, all on Google Play. The ThreatFabric team estimates that around 30,000 Android-base devices have WhatsApp Number Database been infect with Brunhilda to date, suggesting that thousands of users have likely been infect with Vultur.
They also note that Vultur uses accessibility services
On infected devices to prevent users from removing it from their device. It triggers a press of the Back button if such an attempt is made.
Users can prevent the malware from stealing their Bulk Database data by denying access when notifi by Accessibility Services. Additionally, the malware can be detect by a broadcast icon that appears when users don’t broadcast something. ThreatFabric also suggests installing Android antivirus apps.
