Medusa (Trojan)

Main article: Trojans

Chronicle

2024: Suddenly the smartphone screen went out? This Medusa Trojan rummages through your bank accounts

In late June 2024, researchers cyber security discovered an updated version of a banking Trojan for Android called Medusa, which was used to attack users in,,, To Canada,, and France Italy. Spain Turkey Great Britain USA

The new fraud cases seen in May 2024 involved five different botnets run by different branches. This remote administration tool has the ability to collect personal/private information from an infected device without the user's consent and send it to a remote attacker. Medusa's new samples feature a "lightweight permission option and new features such as the ability to full screen and remotely delete applications."

𝓲

Фото: unsplash

Medusa, also known as TangleBot, is a sophisticated Android malware first detected in July 2020 in an analysis of cyber attacks on financial institutions in Turkey. This virus is capable of reading SMS messages, registering keystrokes, taking screenshots, recording calls, sharing the device screen in real time and making unauthorized transfers by stealing bank credentials.

In February 2022, Medusa was shown to mask malware as seemingly harmless service applications. The attackers behind the Trojan are believed to be from Turkey. The new version of Medusa is distributed under the guise of fake updates and is less likely to ask for permissions to reduce the likelihood of detection. Another new feature of the Trojan is the ability to install a black screen on the victim's device to give the impression that the device is locked or turned off, and use it as a cover for malicious actions.^[1]

Notes