Vultur, a new RAT malware, is being downloaded through the Google Play Store. Hacker gangs are using the innovative malware to fine-tune the harvesting of login credentials from more than 100 cryptocurrency, payment platforms, and banking apps.
It was discovered by the Amsterdam-based cybersecurity firm ThreatFabric. Vultur is one of the first Android threats with the ability to copy a device screen when a targeted app is opened.
Researchers at Threatfabric have sent out a warning post They describe how the malware is enabled through the implementation of the VNC screen-sharing application which mirrors the screen of the infected device. And sends the info to the hacker-controlled server.
The malware is “smarter” than previous versions. And it takes the threat to a whole new level.
Vultur is a stealthy attacker
Typical Android-based bank-fraud malware superimposes an identical window over your login screen. The “overlay,” looks identical to the user interface of the banking app. So when users enter login credentials they believe they are using secure software. Then hackers steal the credentials and enter them on a separate device running the app. This allows the attacker to pose as the victim to take your money directly.