Vultur Malware Commits Bank Fraud on Devices

“Banking threats on the mobile platform are no longer only based on well-known overlay attacks but are evolving into RAT-like malware, inheriting useful tricks like detecting foreground applications to start screen recording,” ThreatFabric researchers say, describing the innovations in how Vultur malware operates.

It has stealth features that make on-device fraud easier. Vultur can circumvent phishing MOs that require the use of two devices. Attacks are automated and can be scripted on the backend of the malware through sequenced commands.

It operates smoothly and stealthily by obtaining permissions when downloaded. This hybrid malware uses an overlay taken from earlier versions of malware. Then it monitors all requests and waits until accessibility services are triggered.

The malware can remain hidden in trojanized apps, which are full-featured programs that provide real services. These include health and fitness tracking or even two-factor authentication.

Vultur can protect itself to prevent the app from being deleted. When the user tries to access the app details screen in the Android settings, Vultur will automatically click the back button. This effectively blocks the user from reaching the uninstall button.
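
Because the article ties Vultur's behaviour to Android accessibility services, one defensive check is to list which packages currently hold an enabled accessibility service and compare them with what you expect. The script below is an added example, not code from ThreatFabric or the original article; the allowlist, the package names and the sample value are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit which packages hold an enabled accessibility service.
# Input format: the colon-separated "package/class" list that Android keeps in
# the secure setting enabled_accessibility_services, as returned by
#   adb shell settings get secure enabled_accessibility_services

# Constructed allowlist (assumption): packages expected to use accessibility.
ALLOWLIST="com.google.android.marvin.talkback com.example.passwordmanager"

# unexpected_a11y_packages "<setting value>"
# Prints each package that has an enabled service but is not allowlisted.
unexpected_a11y_packages() {
    value=$1
    # The setting is empty or the literal "null" when nothing is enabled.
    case "$value" in
        ''|null) return 0 ;;
    esac
    printf '%s\n' "$value" | tr ':' '\n' | while IFS= read -r component; do
        if [ -z "$component" ]; then
            continue
        fi
        pkg=${component%%/*}    # the package is the part before the "/"
        allowed=0
        for ok in $ALLOWLIST; do
            if [ "$pkg" = "$ok" ]; then
                allowed=1
            fi
        done
        if [ "$allowed" -eq 0 ]; then
            printf '%s\n' "$pkg"
        fi
    done | sort -u              # one line per package, even with several services
}

# Constructed sample value (not from a real device or from the report):
# one allowlisted service and two services from an unexpected "fitness" app.
SAMPLE='com.google.android.marvin.talkback/.TalkBackService:com.example.fitnesstracker/com.example.fitnesstracker.svc.HelperService:com.example.fitnesstracker/.Other'

unexpected_a11y_packages "$SAMPLE"

# On a connected device (strip the carriage return adb may append):
#   unexpected_a11y_packages "$(adb shell settings get secure \
#       enabled_accessibility_services | tr -d '\r')"
```

A package reported here is only a lead for review: legitimate apps also use accessibility services, so check when it was installed and where it came from before acting.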