Security researchers have discovered a new Trojan based on the Android mobile operating system. With remote access, this malware is able to record smartphone screens and steal personal information, including banking information.
IPhone users are not the only victims of bank fraud, including owners of Android devices. Indeed, Vultur is the first Android banking trojan that can automate and streamline the collection of login information using keys and screen registration. Compared to other similar malware, hackers simply recorded the screen remotely.
According to security researchers at ThreatFabric, Vultur takes advantage of access rights to record keyboard activity and uses the VNC screen recording feature to record all phone activity, eliminating the need to register a new device. This technology makes it difficult to identify bank fraud.
Remote Bank Fraud: 30,000 Android devices that have received malware
The malware is installed from an infected application known as a dropper (or “dropper”). So far, ThreatFabric researchers have found several infected apps in the Google Play store that installed Vultur (based on a custom dropper called Brunhilda). All in all the number of infected devices would be about 30,000 at the moment. The researchers said their estimated amounts come from malware previously available from the Google Play store that was obtained from third-party markets. Countries such as Italy, Australia and Spain are the countries most targeted by banking institutions.
Although Google has taken the initiative to remove all applications known to contain the Brunhilda plug, ThreatFabric security researchers believe that new infected applications may appear in the future. Therefore, Android device users should only install apps that provide useful services, and even apps from well-known publishers whenever possible. They also need to pay special attention to user ratings and application behavior to detect signs of malicious intent.