
Medusa Android trojan returns with more compact variants


More compact variants of the Medusa Android banking trojan, also known as TangleBot, that request fewer permissions have been deployed in more than two dozen attack campaigns aimed at the U.S., Canada, and other countries in Europe and Asia, following a period of reduced activity, reports BleepingComputer.

The attacks used five botnets to distribute malicious apps carrying the updated Medusa trojan, which adds five new commands for app uninstallation, "Drawing Over" permission requests, black screen overlays, screenshot capturing, and user secret updating, while dropping 17 old commands, according to a report from Cleafy. Further examination of the UNKN botnet, which was leveraged to target several European countries, revealed the use of a fraudulent sports streaming app and Chrome browser, as well as a 5G connectivity app, to spread the new Medusa variant. Such findings indicate the Medusa trojan's increasing stealth and scope, with experts noting the emergence of more advanced malware-as-a-service distribution techniques.
