A new Android banking trojan, identified as an upgraded version of the Vultur malware, has been detected by cybersecurity researchers. Unlike previous versions, this new variant is utilizing different distribution tactics, including smishing and exploiting legitimate apps, rather than dropper apps on the Play Store. The attackers initiate their scheme by sending SMS messages to potential victims, urging them to call a provided phone number under the pretense of an unauthorized payment transaction.

If the victim falls for the scam and calls the number, they are coaxed into downloading a tampered version of the McAfee Security app. Despite its appearance of functioning as a legitimate security tool, the app surreptitiously deploys the Brunhilda malware dropper in the background. This dropper then delivers three malicious payloads, including APKs and a DEX file, allowing the attackers to establish a connection with a command and control server and gain remote control over the infected Android device.

The Vultur trojan boasts an array of capabilities, such as screen recording, keystroke logging, remote access via AlphaVNC and ngrok, file download and upload, app installation and deletion, device navigation, notification display, and lock screen bypass. To avoid detection, Vultur encrypts its communication with the C2 server. To safeguard against such threats, users are advised to exercise caution and only download apps from reputable sources.

TechRadar Pro newsletter offers a comprehensive source for the latest news, opinions, features, and insights essential for business success. Stay informed by signing up for the newsletter. This alert was reported via BleepingComputer website.