The notorious Medusa banking Trojan, dormant for nearly a year, has returned with a vengeance. Originally known for tormenting Turkish banks in 2020, it has since expanded its reach, wreaking havoc globally, including North America and Europe. Developed by an unidentified cybercriminal group exploiting the pandemic’s digital transaction surge; Medusa surreptitiously penetrates banking systems, pilfers sensitive customer data, and siphons off funds.
The undercurrents are alarmed, with international security agencies and financial institutions scrambling to beef up cybersecurity defenses to quell this rampant Trojan’s assaults. The new strain of Medusa has turned clandestine, demanding fewer permissions from the prey’s devices to maintain its stealth. It is often disseminated through an application called “4k Sports”, which dupes Android smartphone users into inadvertent downloads.
The Trojan still requires access to Accessibility Services, a feature designed to ease mobile device usage for individuals with disabilities. This Trojan manipulates this service to gain control over the device’s numerous functions. This vulnerability, also leveraged by other cybercriminals, can lead to unauthorized device operation control.
The latest Medusa variant is more aggressive and has diversified its attack strategy.
Resurgence of Medusa Trojan disrupts global banking
Besides seeking permissions for Broadcasting SMS, Internet Foreground Service, and Package Management, it utilizes deceitful versions of Google Chrome, InatTV, Purolator, and 5G for propagation. Surprisingly, even with 17 fewer commands, the updated Trojan is more sophisticated, exhibiting newer functions.
The concerning rise in Medusa botnets activities is alarming. These botnets target users in Turkey, the US and Canada, as well as in Italy and France in Europe. They mainly spread via phishing emails and malicious downloads. What makes it especially dangerous is its ability to self-multiply and mutate to evade detection, making them instrumental in a range of malicious activities ranging from DDoS attacks to credential theft.
To stay safe, users need to beware of phishing attempts, refrain from disclosing sensitive information to unknown sources, and download apps strictly from trusted sources. Regular updating of the operating system and installed apps is crucial for ensuring the latest security patches are in place. Additionally, data backup is highly recommended for aiding in recovery, should a device be compromised. A multi-layered security approach, such as using antivirus software in tandem with other measures, will better equip individuals against such threats.
