+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

This new Android banking malware can screen record everything on your phone

Aug 3, 2021, 15:06 IST
Business Insider India
The Vultur malware was found in at least two dropper apps with one having more than 5,000 installations on the Play Store.Unsplash
  • ThreatFabric has discovered a new Android banking trojan, Vultur.
  • Vultur is more advanced than other Android banking trojans as it uses screen recording to steal login credentials.
  • This malware has been used to target banking applications and crypto wallets as well.
Advertisement
Researchers have discovered a new Android malware that records everything happening on your phone. This Android banking trojan dubbed ‘Vultur’ manages to easily get hold of your login credentials through screen recording and keylogging, according to security firm ThreatFabric. The Vultur malware is believed to be installed on Android phones through a dropper framework called “Brundilha” which takes the form of fitness apps and 2FA authenticators on the Google Play Store.

According to ThreatFabric, Vultur is the first Android banking trojan it discovered that uses both screen recording and keylogging as its main strategy to get access to a user’s login credentials. Other Android banking trojans go for the usual process of the HTML overlay strategy that takes more time and effort to steal sensitive data.

The Vultur malware was found in at least two dropper apps with one having more than 5,000 installations on the Play Store. ThreatFabric estimates the number of potential victims to be in the thousands. This malware mostly targeted banking institutions in Italy, Australia and Spain. Crypto wallets were also targeted, it added.

How Vultur works

Vultur relies on Accessibility Services to operate on Android smartphones. It uses VNC (Virtual Network Computing), a software used to remotely control another computer, to screen record everything that happens on the victim’s phone. It can even detect when the victim is using an app that is from the list of targeted apps so that it can initiate the screen recording process. ThreatFabric noted that when the screen recording is going on, the notification panel will show “Projection Guard” under the casting icon.

How Vultur is different from other Android banking trojans

Advertisement

The approach Vultur uses to harvest login credentials is different from other Android banking trojans. In most cases, the regular Android banking trojan tricks victims into entering their credentials in what they think is an authentic banking app and then giving access to the attackers. Vultur, on the other hand, uses screen recording thereby easily gaining access to the login credentials without having to use any other tricks.

The discovery of this malware showed that Android banking trojans have become far more advanced, and it is now easier for attackers to get access to login credentials. ThreatFabric wants that mobile banking malware will only increase in the future, and get more sophisticated as well.

SEE ALSO:

Gmail blocks more than 100 million phishing attempts, Google Play scans 100 apps for malware everyday, says Google
Android apps with over 5.8 million downloads caught stealing users’ Facebook passwords
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article