The Vultur banking trojan is posing as a security app to steal data from Android users. Researchers claim that the latest version of the malware includes more advanced remote control capabilities and an improved evasion mechanism. A report from Fox-IT, which is part of the NCC Group (spotted by Bleeping Computer), has warned users that cybercriminals are spreading a new, more evasive version of Vultur to victims through a hybrid attack. This type of attack relies on "smishing" (SMS phishing) and phone calls that trick targets into installing a version of the malware that poses as the McAfee Security app.
The report revealed that the infection chain of the latest version of Vultur starts with the victim receiving an SMS message alerting them to an unauthorised transaction and instructing them to call a provided number for guidance. When the victim follows the instructions, the call is answered by a fraudster, who then persuades the victim to open a link that arrives in a second SMS. Clicking on this link directs the victim to a site that offers a fake version of the McAfee Security app.
The modified version of the McAfee Security app includes the ‘Brunhilda’ malware dropper. Once installed, the fake app decrypts and executes three Vultur-related payloads (two APKs and a DEX file) that can obtain access to the Accessibility Services, initialise the remote control systems and establish a connection with the malware's command and control (C2) server.
Here's how