A new report from security firm ThreatFabric has revealed that there’s a new Android Trojan that steals banking and personal information by recording the device screen.
Researchers at ThreatFabric dubbed the malware “Vultur,” which was first detected in March 2021, for the way it monitors victims like a vulture. Using a VNC module and keylogger, this Trojan horse targets Android users that have banking, cryptocurrency, and social networking apps and shares the recording of their device’s screen with the remote attackers.
Vultur’s way of stealing information is unique, as other bank fraud-related malware typically tricks users into divulging their banking credentials by phishing. Specifically, phishing apps use a fake login screen that’s overlaid on top of the legitimate one.
The spread of Vultur on the Android platform is made possible by a dropper called Brunhilda. This piece of software is hidden in legitimate-looking, seemingly harmless apps that function normally, but in the background, these apps have Brunhilda establish a connection to the attacker-controlled servers to begin its screen-sharing surveillance on the victims.
ThreatFabric estimates that as much as 30,000 phones have been infected by Brunhilda, with thousands of those devices infected by Vultur. Australia, Italy, and Spain are among the countries with the most targeted banking institutions.