Fox-IT researchers have discovered a new version of known Android malware. The trojan, which lets users lose complete control, pretends to be a virus scanner but thus provides anything but security.
Android is open. Yet one of its greatest advantages is also directly its greatest danger, as this causes users to face nasty situations on a regular basis. For example, you may install an app to fight off viruses, but end up being targeted by that very app.
Cybersecurity specialists at Fox-IT are warning Android users about a new version of the Vultur trojan. The malware was first discovered in early 2021 and has since taken a different form. But the problem remains the same.
Android malware poses as virus scanner
Those who think they have put McAfee anti-virus software on their Android smartphones may come home to a cold surprise. Whereas previous versions of the Vultur trojan previously nestled themselves in the Google Play Store, malicious actors are now taking a slightly different approach.
First, an Android user receives an SMS stating that a payment has been made that is not fluffy. Then that person is given a phone number to call to resolve the issues. That problem is simple: install the McAfee Security app for Android. An app that at first glance does what it is intended to do, but at the same time does a lot of bad things.
In the background, malware is unleashed that consists of three components. Two of them are APKs and the third is a DEX file. It’s a boring technical story, but the bottom line is that these three components give the malicious person full access to your Android device.
They can record your screen, download or upload files, install apps, delete files, click, scroll and swipe on the device and even stop certain apps from running in the background. Something that could cause you to lose not only your data, but theoretically some money.
So be wary.