A New Compact Variant Discovered

June 26, 2024, 8:56 a.m.

Description

Security researchers at Cleafy Labs detected a resurgence of the Medusa banking trojan, which targets Android devices for on-device fraud. The new variant exhibits a lightweight permission set, expanded geographical targeting, and the adoption of droppers for distribution. It introduces capabilities like full-screen overlays and remote app uninstallation while removing some previous functionalities. The malware's evolving tactics, including minimizing permissions for stealth and experimenting with novel distribution methods, underscore its growing threat.

Date

Published: June 26, 2024, 8:23 a.m.

Created: June 26, 2024, 8:23 a.m.

Modified: June 26, 2024, 8:56 a.m.

Indicators

facefacefff08eee8e6b00169cfc2167c983d01875b0d6db73b1dc7daf967833

dceb5e86453f99781aa4235a2bffbb41f9d8fbae5d2077c285dba4625875ce1f

d42dba76fb069cd4fca3ce93f765b4c14c31d1b8945d5823238ee40f6acb9822

f6ad2b1491d19aad9c63d5792b2e80e4deb4424cdfca564a406b891b03f7d76a

cc896cb8dafdeb318cd52f315f3de5bab0bafaf998522251d8e751bae54e513a

cab45bce0ee5e2a8e8a9dc5059ea1d7622e4cab33ee218794ad694b57cc0704e

c7e626f0662c60e1daecd9512240b32cf1a913d51db0d8c5b166123cc64e017f

c22230c33b8217036d4e4262d02f85c1e16b140f288d0417b223961e28fb2d19

a31d747aab691de759644314ec22da5aca765be4117879f76e1d79e3268d2372

a2c2874cac9dffa7451be8b25a33e93ab55be825c7bc65ac98c9103d743e890a

94c28a9d03ad9f5c3ce2f025c654b65ce3f43af65df09eb068d2137c70c154a7

9fa18e32f68dd75edddebbd509bc48e6056290252de01da5a18fe61c18fa2759

8b868f57e972f57d444ad9feca3936a4266032d7df1eb4e950dfcbb3e296a58a

7df2065c5c7494db559e668bc9b962c6e16d5445dfe1fb2e4fa05e3fb5dcfd1c

80c850c0f57bb866a99635ab8b15f87a0c99e99667dbc9d0d5f244a87383af3b

6da981a4ae1ae164d76df4805d37227a0a91c1fcb12f3efc70a5186c9302d379

68b56ef06b2c9403ade11bebef939fa4e754f44647cd2e313355568f87739942

682f48c68cc32f53ab3111820647c2a4debe4f6447059faf1d4343ea1f15dd38

6b8aaa3314e8071f8ee284df803e7a1684422e5140303531be6476959a3dfbb8

681973fbeec6783dc11e0549b6ea497d17021ad20a15b69cebe194ffac9d3b17

543b2efb7561f0dd916410cbabf82976361eed4c0bfa2e1e5ce252880de1b9ca

4e37b5f6848f1f02207a05979a3a792ebda141acd69b494e91910f915e35158b

414ea005199ba221c0048a4a7c544ae3e0891c9fe1634bbfc0cd6f3938b5f029

31c3ab369dde010911618deae72a63b85f60f684b155d807795025b412e2f033

39c6709dd65dcce3f15291f9aa373d0094294342631720f8c546cc72b177f195

29e2e7eb8ce83956f571358f42fa7807d3db7a376264372c6923c553b0010c08

24298685c619fefaae3dee45b139591e82aa7e85b6509699cf58d6cfc38502e5

219027932b7e10b24e89705dc1525f61c4dbbf18f2616c202f25d8f2995883a0

20347b60b96a6d0319fa3619057099949f375b51c7a269d1c9f628bfef4786da

17abb4094366eea7c72cba4cef10c7494d7b2e57c5e591176edbd93d9ad34757

0dabb2a8ef0e0171ea67507fc8d4ebde45ec02aae56b94c1e6a73e0ce4a4089a

031755a2a743c89801898802726f42e3ec1803f54100223dd6d12a0fe6dadab1

http://icq.im/AoLH5bRXfAE6eCtbw1I

http://icq.im/AoLH58xYS0_leBOpXFI

http://icq.im/AoLH58pXY8ejJTQiWg8

unkunknunkkkkk.info

topisbim.top

tonyyyyyyyyyy.info

tonyttnnntnn1704.top

tonymayisayininfilancagunu.info

tony1303sock.top

pemmbebebebebebe.info

pembemayisayininfilancazamani.info

pembe1303sock.top

cincincintopcin.info

baahhhs21.info

bimtambir.top

a6a6a6a6a6a6a6.info

a4a4a4a.life

a2a2a2a.life

Attack Patterns

TangleBot

Medusa

Medusa

T1558.003

T1552.004

T1592.003

T1592.001

T1568.002

T1592.002

T1589.001

T1498

Additional Information

financial

Spain

Italy

Canada

France

United States of America