Medusa Malware is taking control of your device

What is Medusa Malware?

Medusa is a mobile banking trojan virus that has near-complete control of a user’s smartphone, with keylogging, spyware, banking trojan activities, and audio and video broadcasting capabilities. It is attracting media attention because it is now distributing over the same SMS-phishing infrastructure as Flubot. As a result, in less than a month, Medusa was able to infect over 1,500 devices in one botnet using this distribution method.

Attacking your mobile apps:

Medusa can take over the victim’s device and allow the virus to alter the text output of any particular comment field to a random value selected by the hacker. Such as, it can edit any fields on the banking application that runs on the machine. This is how a trojan can target banking platforms and steal login credentials through those phishing messages.

The following snippet shows the code that collects the information of an active window by going through its nodes:

In addition, while investigating Medusa’s rear panels, studies found that the malware’s operators are labelling banking software with a “BANK” tag in order to regulate the required data field. Therefore, every financial application can be vulnerable to this attack, even if it is not currently on the target list.

It can also attack your mobile apps with the help of an Android Accessibility Service. By abusing Accessibility Services, Medusa can execute commands on any app that is running on an android device. As a result, it can perform gestures on the screen, take screenshots, lock your screen, stream video or audio live from your device.

Precautions:

1.Opening emails that are sent from unknown senders should be avoided. In most cases, it is seen that opening any web links found in these messages can cause the infection. You should always use official and trustworthy sources, as opposed to third-party websites.

2. You should always keep your software up to date as it will secure your software more from these malware attacks. In addition, you should not use cracking tools, as they might download/install malware rather than activate the licensed products.

3. You should always use reputable anti-virus software on our computers. If your computer gets infected by this malware, then it is recommended to scan your device with the Combo Cleaner Antivirus for Windows so that it can automatically eliminate this virus.

4. To be safe from this virus, always review the permissions before installing an app. In fact, verify if those permissions are needed to use that app. You should not download an app from a third party and never use cracked or unlicensed software.

Your safety is completely in your own hands. Always maintain vigilance and alertness. You should always keep in mind that someone, somewhere is going to hack you, and the fundamental security precautions outlined above can protect you from hackers.

References:

https://www.bleepingcomputer.com/news/security/medusa-malware-ramps-up-android-sms-phishing-attacks/#:~:text=To%20prevent%20being%20infected%20by,invariably%20lead%20to%20malware%20infections

https://thecybersecurity.news/general-cyber-security-news/medusa-android-banking-trojan-spreading-through-flubots-attacks-network-16511/

https://thecybersecurity.news/vulnerabilities/medusa-malware-joins-flubots-android-distribution-network-16501/

https://www.2-spyware.com/medus-malware-now-distributed-via-flubot-android-distribution-network

https://www.pcrisk.com/removal-guides/16113-medusalocker-ransomware

Join the Conversation

37 Comments

  1. Its truly so scary thinking about how one app could end up having so much control over your smartphone and your personal data, Thank you for bringing this to light. I definitely appreciate the list of precautions given in the end, I never thought of checking the list of permissions for an app before downloading, I will certainly keep this in mind from now on. Great Blog!

  2. Normally, when people think of malware they think it’s only on computers and exists to slow it down. Your post really shows how malware has evolved with the times. Even activities like checking your emails can be a vulnerability now. As someone who enjoys the ease of banking and investing on my smartphone, you’ve made me think twice about using it. Would there be a particular mobile operating system, like iPhone or Android, that is more susceptible to these kinds of attacks?

  3. We pretty much like to do everything from home and online, which makes our life easy but we are not aware of that things that making our life easy it could destroy everything in a sec. We should be aware of what we are using in our phone and thank you for this informative article.

  4. Scams and malware seem to be popping up every day. This one in particular is the scariest because it takes full control of your device, meaning that 2 factor authentication may not be effective even, especially if the authentication code is sent by email or text. I suppose if it is through an authenticator app, there may be a fingerprint check (at least on my phone there is) before allowing access to the generated access codes.

  5. Security is such an important topic for us all to be talking about. Technology is something that has become a vital part of our day to day lives, however there aren’t many programs or methods to teach individuals about the risks that also come with being in this digital age. I for one am learning a lot of how hackers are using programs such as medusa to get into our devices in such a clever way. The fact they can remotely control so many aspects of your information is terrifying. It’s insane how many people go about their lives not knowing about these negative impacts. As you said, our security is in our hands! Amazing post about informing us about the different approach hackers are now taking that we may not be aware of and some precautions.

  6. Wow, this is a very scary reality of the current internet world. These types of viruses spread so easily and it is hard to always be on alert and keep yourself safe. This is why I immediately block any weird phishing texts or calls. It’s funny, I will get texts saying that my BMO account was hacked when I don’t even have a BMO account. You always have to keep an eye out for these types of viruses and it sucks that there are so many of them out there. I will continue to be wary of these viruses and take the precautions that you suggested and suggest onto everyone to do the same.

  7. I am not going to lie, every time after reading some of the blog posts on here, I start running multiple scans on all my devices, haha. I have always been the most worried about being secure against malwares and threats on my phone. I’ve had my banking information stolen online (I suspected it was via my phone) before without even using that information anywhere. It is definitely scary and I have learnt to take my precautions.

    Thank you for sharing this post!

  8. It is a really interesting post, something I really have been noticing especially about iPhones nowadays. Often iOS has a really reputed security system built in their system, however some of the trusted/frequently apps such Documents are now show up messages that says “Your iPhone has been hacked and there has been a data breach.” After reading this post it is kind of traumatizing to get to know about all this happening. It does kind of remind us once again that providing data on the internet should always be done at your own risk!

  9. The more I learn about scams and malware, the more I am convinced that the answer really is just limiting one’s use of the internet as much as possible- obviously one can’t just stop using the internet, but I think one of the most simple security practices would be to not use unnecessary internet services. Perhaps the first question we need to be asking before downloading an app is not “is it safe?”, but rather “is it really needed?”.

  10. It’s always a good reminder that safety is in the hands of the user. It’s been quite the wake up call reading all of these blog posts talking about more targeted attacks, focused on individuals rather than companies. It’s suck’s that 1,500 devices were infected and is absurd how much power a sms-phishing scam can have. Foreign millionaire prince’s requesting transfers aren’t the only red flag anymore!

  11. Great post! I have never heard about medusa but judging by the post, it should be critical for people to be aware of such trojan/viruses. The very fact that 1500 devices were affected shows the reach of the software in attacking applications and countless people probably have fallen victim to such apps. However, the suggestions you elucidated in your post regarding how to protect oneself are very critical because most of the information seems intuitive but sadly not everyone follows this crucial advice. I think public education should spend more on educating the people of the pitfalls of the digitized world to better protect themselves.

  12. I liked that you state that our safety (on the internet) is in our own hands as many of these malware infections are caused by the user themselves usually due to deceiving practices. And as usual, I’m glad that any post about malware/trojans/ransomware/etc includes a precaution section of how to prevent these attacks. It really raises awareness especially when these malware attacks are constantly evolving. Nice post!

  13. Amazing post! These blog posts are continuously teaching me of malware and ransomware I had not heard of before. The great thing about posts like these is that they help inform me and keep reminding me of the potential security threats that may happen to me. I liked how you included preventions and potential protections as it shows me what I need to look out for. One thing that you mentioned that is cool is that the malware can target a lot of banking apps, due to the tag and it is cool to see how people are changing their code to address a wide variety of options, even though in this case it is in a malicious intent.

  14. I enjoyed reading your post, this is the first time I heard of the Medusa virus. It was really interesting to read how the attacker can alter text output and the fact that it can live stream from your device by attacking apps. Technology continues to become more and more integrated into people’s daily life styles, because of that security threats will continue to emerge and evolve. Blog posts like these show me the scary reality of technology, but I’m glad that they make us aware of the different approaches of cyber-attacks. With that said I appreciate the precaution section of your post. Thanks for sharing!

  15. This was really informative. Before this post, I wasn’t even the slightest bit aware that such a malicious trojan was even circulating. It’s already bad enough that it acts as a keylogger but the fact that it can also hijack the most basic functions of your device is quite scary to say the least. 1500 infected devices is already a hefty number, so hopefully more is done to prevent anymore victims. I also appreciate the security tips. It’s one thing to know how the virus operates, but it’s also important to know how to protect yourself against it.

  16. The importance of practicing safe internet usage is really more important now than ever before. Of course, everything is easier said than done, and with malware becoming more advanced and realistic as well, it certainly cannot all be blamed on the user. After having read this post, however, I am more curious about this flubot that was mentioned and how the infrastructure is very similar to that of this medusa malware. I was also interested in how the malware is changing the text outputs and how that can be used to phish for user data. I definitely plan to look into some of this a bit more now, and thank you for your sharing this through your blog post!

  17. Amazing post! Now a days almost everybody uses their phones for everything making it seem like that humans no longer have control on electronic devices and it sucks that I was not even aware of this virus and now with the precautions you have included in your post I will try to be safe and make sure to follow them and thank you for bringing this issue in light so everyone can be aware of this.

  18. Great post, also a little unnerving at just how advanced malwares and viruses in general are becoming. With lots of people shifting to mobile banking and taking care of there finances online, it’s imperative that people be aware of the threats out there and just how easy it is to become a victim to one of these malwares. I think it’s great that you included some tips and precautions on how to avoid these types of threats, greatly appreciated!

  19. Great post! It is surprising to see that even mobile devices are so vulnerable to malware since you almost only exclusively hear about malware on pc’s. I was under the impression that it was very difficult to get malware on your mobile device, unless you went out of your way to download it. So this post was very informative about that, and I will be looking out for that in the future. I didn’t think that an antivirus would be very useful on mobile devices, but after reading this post, I’ll have to look into getting one. Another way you could avoid getting this malware is to not click on popups from apps and websites, since sometimes, even the “x” button could cause you to download it.

  20. This is a very good informative post because it seems like this medusa malware is highly dangerous due to the fact that everyone uses their phone on a daily basis. The fact that malware can steal credentials concerns me because I have banking apps and social media on their phone that requires login information. This is a wakeup call for me to protect my phone and not just my computer.

  21. Great post! I’ve always wondered why people go to such lengths to create problems for innocent people. We can try to educate as many people as possible but a handful still get left out and become victims to such heinous crimes. I wonder if there are ways to reach those people, because I know of several who have been fallen victim due to the lack of education.

  22. Hi! Cool post!
    First off, I like how they named the virus Medusa lol, I wonder if their is any meaning to naming it that.
    Very interesting to read that Medusa targets 1,500 devices in one botnet through Flubot, that’s pretty extreme. I wonder if the virus is more common in America and Canada than it is in the rest of the world?
    Another precaution I want to add is never download APK (Android Package Kit) from unknown websites because they might contain some sort of malware infection like Medusa.

  23. Super interesting post!! It’s really scary that malware like Medusa can use so many ways to control your phone, including SMS, especially since it was able to control 1500 phones so quickly. It’s very scary that they can steal login information for banking websites, especially when coupled with scams like SIM swapping, which can affect two factor authentication as well. I always see scam messages on my phone from RBC, which is funny because I don’t bank with RBC. It’s really good you added tips on how to protect yourself, especially since it involves peoples’ money!! All in all, amazing job!!

  24. What a great article! The internet can be a really scary place when you take into account the many new and updated viruses popping up every other day. Medusa itself attacked over 1500 users in less than a month. This goes to show the severity and virality of malware. The fact that such a virus can take over your entire device so easily should prompt us to be much more cautious when browsing the web. Your article also has some excellent tips on internet safety!

  25. This is a fantastic post! Security issues continue to grow in today’s high-tech world, as we all become more reliant on technology. Seeing how these scammers come up with such schemes is both fascinating and perplexing. When we think of malware, we normally think of it affecting our computers, but your article illustrates how malware has advanced to the point where it can now harm smartphones as well. The safety procedures you’ve outlined are ones that everyone should take to avoid attacks like these.

  26. Thank you for sharing this topic. If a virus can get hold of my keylogging, screen, camera and microphone at any time, I think it is very scary, it means that it can almost end what I have, who sent a message, what is the content, Even my password he can easily know.

  27. Informative Blog! I agree with you, malware has been spreading exponentially. The initial boom doubled the number of malicious files and programs infecting the web. The growth might have slowed down in the following years, but it hasn’t stopped. Even with built-in antivirus software protecting the newest operating systems, there’s more malware online than ever before. Thank you for providing such a nice post.

  28. This was a really interesting and informative post! I was not aware about the medusa malware before and the snippet code in this post really did show me how this kind of malware functions. By altering text output (like password) and then getting access to the victim’s personal information, Medusa definitely shows itself to be really dangerous. I always make sure that I do not access any links that look suspicious whether I get one on mail or an “SMS” message on my phone.

  29. Amazing Post!
    The malware is also known as Tanglebot and is spread through text messages containing malicious links. If the malware infects your device, crooks can steal data and even take over your phone. ThreatFabric researchers noticed a development change in the current version, making Medusa even more dangerous. In addition to the regular reading of text messages and accessing your contacts, it can now steal your money too

  30. Attackers work always to try and find ways to make our life worse , with those different and creative malwares each time , trying to find a way to our data and steal it from us , i think it is only correct to try and stay safe while using the internet .
    Great post !

  31. Pingback: Apartheid

Leave a comment