Security experts recently came across a new and much more powerful version of the Vultur malware that poses as McAfee Security app on Android devices to steal your sensitive information like passwords, credit card details, photos and other files.

According to Bleeping Computer, the malware was first spotted by the fraud detection firm ThreatFabric was being distributed via the Google Play Store in late 2022 and has been active ever since. However, a new report from Fox-IT which is a part of the NCC group has discovered a new more powerful and stealthy version of the virus.

What is Vultur and how does it work?

Scammers are randomly sending an SMS to unaware Android users saying they have detected an unauthorised transaction from their bank account and asking them to call a number that will help them fix the problem.

When you call the number mentioned in the SMS, it is answered by a scammer who then sends another SMS with a link that asks users to download a virus-packed version of the McAfee Security app, which contains the Brunhilda malware dropper.

If you install the app, the fake McAfee Security will then run three payloads that allow it to use ‘Accessibility Services’ on your device, following which a connection is established with the malware’s central server.

Festive offer

Vultur Android malware Here’s how the Vultur trojan works. (Image Source: Fox-IT)

Once it gains access to your Android phone, Vultur will then start recording everything you do on your phone, log your passwords and allow the attacks to monitor and remotely take over and monitor your phone. As it turns out, the new version of Vultur also introduces some features like the ability to download, upload, delete, install and find files on your phone, prevent certain apps from running, bypass the lock screen and even send custom notifications to mislead users.

How do I stay safe from banking trojans like Vultur?

If you want to stay safe from Vultur or other similar Android malwares, make sure you don’t download and install apps from URLs sent over SMS or instant messaging platforms like WhatsApp unless they are from a trusted source.

Another way to keep yourself safe is by granting permissions to an app that are needed for its core functionality. For example, most camera apps will only need to access your files and camera, so if they ask for access to your call logs, chances are high they might be selling your data or pack some form of malware.



By admin