Cybersecurity experts have discovered a new version of the Android banking Trojan Vultur, which comes with enhanced remote-control capabilities and protection mechanisms. The first version of the malware was identified by ThreatFabric in March 2021, and by the end of 2022 it was spreading through dropper applications found on Google Play. As of late 2023, the Zimperium mobile security platform identified Vultur as one of the top ten most active banking Trojans, affecting 122 banking applications across 15 countries.
A detailed report on the new version of Vultur was recently released by Fox-IT, a division of NCC Group. It highlights the malware’s more sophisticated distribution methods, which combine SMS phishing with fraudulent phone calls. The infection process typically begins with an SMS alerting the victim to an unauthorized banking transaction, followed by a deceptive call offering help. The cybercriminals then trick the victim into installing what appears to be a legitimate McAfee Security app, supposedly to prevent further unauthorized transactions. The app is actually a disguised version of the Vultur malware.
The new version retains features from previous versions, such as screen recording, keylogging, and remote access, and adds file management, abuse of Android's accessibility services to simulate touches and swipes, application blocking, and the display of fake notifications. To evade detection, the malware encrypts its communication with the control server and uses native code to decrypt the payload, which makes it harder to analyze and detect.
Vultur's developers have focused in particular on remote control, adding commands for volume control, application blocking, and more. To minimize the risk of infection by Android malware like Vultur, experts advise users to download applications only from trusted sources such as the official Google Play store and to refrain from clicking on links included in messages. It is also crucial to review app permissions carefully and grant an app only the access it actually needs.