NEW YORK – Android banking Trojan Medusa has returned after almost a yearlong hiatus and is now even more dangerous. The new variant of the Trojan is lightweight and requests fewer device permissions to avoid detection.
First identified in 2020, Medusa is a Turkish-linked banking Trojan that initially targeted Turkish financial institutions.
It expanded rapidly by 2022, launching major campaigns in North America and Europe, causing significant monetary harm. Medusa’s new variant is now targeting Android users across the globe, including those located in the U.S., Canada, Spain, France, Italy, the U.K. and Turkey.
How does the Medusa Android Trojan evade detection?
Since July 2023, Medusa attacks are back with a new version. Cybersecurity experts from Cleafy found a spike in the number of installs of an app called “4K Sports.” This app is being used by hackers to put malware on people’s Android phones. The new malware is an upgraded Medusa with big changes in how it works.
It asks for fewer permissions, making it sneakier. It still requests Accessibility Services, which is a big red flag. Android’s Accessibility Service is a powerful tool that helps people with disabilities use mobile devices more easily. When you grant an app Accessibility permissions, you’re essentially giving it the ability to do whatever it wants on your phone.
Find out how to protect yourself from the Medusa Android Trojan by clicking on Fox
