CATEGORIES
home News

Vultur Android Malware Swoops In To Stealthily Steal Banking Credentials

by Nathan OrdFriday, July 30, 2021, 04:06 PM EDT
vultur malware discovered stealing banking credentials
Some vultures prey on dead animals, other Vulturs prey on banking information entered on Android devices. In late March of this year, ThreatFabric detected an Android-based remote access trojan (RAT) malware, dubbed Vultur, collecting login credentials. However, the threat actors took a different approach to the thievery by simply recording what is shown on a screen through VNC.

As ThreatFabric describes, a “vulture is a large bird of prey that specializes in attacking and feeding on weak and helpless animals,” and they keep their “eyes on their preys for a long time before making a move, which happens only when they are sure the attack is lethal and successful.” The Vultur malware works similarly, wherein it observes everything happening on a device with screen recording over VNC and keylogging capabilities.

overview 2 vultur malware discovered stealing banking credentials

As time goes on, personably identifiable information (PII) like usernames, passwords, and other information is collected for later malicious use. While this is certainly interesting, ThreatFabric also found that Vultur has ties to older malware.
method 2 vultur malware discovered stealing banking credentials

In late 2020, Bitdefender discovered a malware dropper on the Google Play Store, which was disguised as a variety of utility applications like “fitness apps and 2FA authenticators.” The dropper was then dubbed “Brunhilda,” by researchers over at PRODFRAFT, who did further analysis on this.

compare2 vultur malware discovered stealing banking credentials

Then, following the discovery of Vultur, ThreatFabric researchers looked at code samples of Brunhilda, which looked strikingly similar to code within Vultur. Furthermore, Vultur was found using the same command and control servers as Brunhilda in the past. Thus, it is now believed that the two are “connected and operated by a private group using their own dropper to distribute different malware.”

compare 2 vultur malware discovered stealing banking credentials

Aside from this interesting connection that gives some insight into the business of malware, it also shows the continuing trend of mobile malware infections. ThreatFabric states as much, saying that “As the mobile channels of financial institutions continue to grow, mobile banking malware will only become more popular.”

However, while having mobile financial data is not necessarily bad, everyone needs to be more careful. Moreover, unless companies work harder to secure devices and app stores, we will only see the trend expand exponentially, as it is a good way for a threat actor to make a quick buck.
Tags:  Android, Malware, Google, (nasdaq:goog)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment