A New Compact Variant Discovered
June 26, 2024, 8:56 a.m.
Description
Security researchers at Cleafy Labs detected a resurgence of the Medusa banking trojan, which targets Android devices for on-device fraud. The new variant exhibits a lightweight permission set, expanded geographical targeting, and the adoption of droppers for distribution. It introduces capabilities like full-screen overlays and remote app uninstallation while removing some previous functionalities. The malware's evolving tactics, including minimizing permissions for stealth and experimenting with novel distribution methods, underscore its growing threat.
Date
Published: June 26, 2024, 8:23 a.m.
Created: June 26, 2024, 8:23 a.m.
Modified: June 26, 2024, 8:56 a.m.
Indicators
Attack Patterns
TangleBot
Medusa
T1558.003
T1552.004
T1592.003
T1592.001
T1568.002
T1592.002
T1589.001
T1498
Additional Information
financial
Spain
Italy
Canada
France
United States of America