A New Compact Variant Discovered

June 26, 2024, 8:56 a.m.

Description

Security researchers at Cleafy Labs detected a resurgence of the Medusa banking trojan, which targets Android devices for on-device fraud. The new variant exhibits a lightweight permission set, expanded geographical targeting, and the adoption of droppers for distribution. It introduces capabilities like full-screen overlays and remote app uninstallation while removing some previous functionalities. The malware's evolving tactics, including minimizing permissions for stealth and experimenting with novel distribution methods, underscore its growing threat.

Date

  • Created: June 26, 2024, 8:23 a.m.
  • Published: June 26, 2024, 8:23 a.m.
  • Modified: June 26, 2024, 8:56 a.m.

Indicators


Attack Patterns

Additional Information

  • financial
  • Spain
  • Italy
  • Canada
  • France
  • United States of America