Moreover, the group behind Vultur can see every interaction the user does to their device, thanks to the real-time implementation of VNC (Virtual Network Computing) screen sharing. Vultur uses JSON-RPC to communicate with its C2, a tactic that Brunhilda used to do.Vultur is seen using the same icon and package name of a Brunhilda dropper.Vultur is seen using the same C2 that Brunhilda used in the past.The command and control server (C2) of “Project Brunhilda” supports Vultur-specific bot commands.The company has linked the two for the following reasons: ThreatFabric believes that the group behind this dropper and Vultur are one and the same. Note, however, that there are many Brunhilda dropper apps on the Store, which suggests that infection count could be a lot higher.Ī Brunhilda dropper masquerading itself as a faux security solution for Android.
#Duo app android android
Initial variants of Vultur have been dropped by an Android app called “Protection Guard”, which have had 5,000 installs on the Google Play Store upon its discovery.
One of the Android dropper malware that drops Vultur (among others) is Brunhilda, a privately operated dropper. In steering away from this, the attackers made less effort but yielded the same results. This approach usually requires time and effort for the attackers in order to steal what they want from the user. Vultur (Romanian for “vulture”) is known to target banks, cryptocurrency wallets, social media (Facebook, TikTok), and messaging services (WhatsApp, Viber) to harvest credentials using keylogging and screen recording.Īccording to ThreatFabric, the mobile security company that first spotted Vultur in 2021, the cybercriminals behind the malware have steered away from the common HTML overlay strategy usually seen in other Android banking Trojans. After making its first in-the-wild appearance in March 2021, Vultur-an information-stealing RAT that runs on Android-is back.
0 kommentar(er)
