This Android malware records your screen — what you can do
This Android malware records your screen — what you can do
A nasty Android Trojan targeting cyberbanking, social-media and cryptocurrency apps steals your information the old-fashioned way: It records everything happening on your phone's screen.
The malware, dubbed "Vultur" by researchers at Amsterdam-based data-security firm ThreatFabric, targets the apps of banks in Australia, Italy, Espana, the Netherlands and the U.K.; social-media apps including Facebook, WhatsApp and TikTok; and cryptocurrency apps from Binance, Coinbase and others.
- How to delete your Google Search history
- The all-time Android antivirus apps
- How to check Android battery health
- Plus: Don't let your browser autofill your passwords — here's why
Vultur is installed on Android phones by a "dropper" called Brunhilda, which is present in several fitness, phone-security and authentication apps, some of which have been institute in the Google Play shop. The infected apps piece of work as the user expects, just behind the scenes, Brunhilda reaches out to malware servers and downloads Vultur (or other malware).
One infected app called Protection Guard had more than five,000 installations before it was removed from Google Play. ThreatFabric estimates that thirty,000 phones may have been infected by Brunhilda. Regarding Vultur specifically, ThreatFabric's report said "we estimate the number of potential victims to be in the thousands."
Most Android banking Trojans steal user login credentials by creating "overlays," fake login screens that look like they belong to widely used online-banking apps. Simply Vultur takes another approach: It uses remote-access technology to just record everything the owner of an infected phone does when certain apps are being used. It as well uses a keylogger to capture user inputs that aren't visible on screen.
The recordings are transmitted to servers run by the criminals operating Vultur, who then can play back screen recordings of unwitting victims logging into and using Facebook, accessing their depository financial institution accounts or making cryptocurrency trades. Combined with the keylogging data, this gives the criminals a walk-through of each potential victims going nigh routine business organization.
Vultur does all this by abusing Accessibility Services, a function in Android that'south meant to help users with visual or auditory impairments, or users who may not be able to see the screen. For case, Accessibility Services lets one app read out what's on another app's screen.
But considering it gives apps unusual access to i another, far beyond what'due south normally permitted past Android, Accessibility Services is often driveling past information-stealing malware. Vultur even uses the part to hijack the screen if the user tries to delete the infected app — it immediately presses the Back button.
Users can stop Vultur (and many other cyberbanking Trojans) dead in its tracks by denying the infected app permission to utilize Accessibility Services. Every bit Vultur frequently arrives in the form of an app that really doesn't need Accessibility Services, this shouldn't always be hard to detect.
You tin can also detect Vulture, ThreatFabric says, considering when it'south transmitting data to its control-and-control server, the active "casting" icon volition evidence up in the Android notifications. If you lot're non casting something and the icon shows up anyway, that's reason to worry.
Another way is to install and utilize one of the best Android antivirus apps. Brunhilda is a known threat, and most antivirus apps will detect information technology right away; Vultur should exist added to the listing soon if it isn't in that location already.
Source: https://www.tomsguide.com/news/vultur-android-banking-trojan
Posted by: hillcating.blogspot.com
0 Response to "This Android malware records your screen — what you can do"
Post a Comment