Vultur banking trojan

AppWizard
May 7, 2024
A new malware campaign targeting Android users in Finland is using social engineering to trick individuals into installing a fake McAfee antivirus app, leading to financial losses for some victims. The scam involves receiving a text message urging the recipient to dial a specific number and then installing the malicious app by sideloading an APK file. Finnish authorities have warned about the deceptive text messages, and victims are advised to contact their bank and reset their Android device to factory settings if they have installed the fake app.
AppWizard
March 30, 2024
- A new iteration of the Vultur banking trojan has been identified with more sophisticated remote control features and an enhanced ability to evade detection.
- The malware employs a combination of smishing and voice calls to deceive victims into downloading a fake McAfee Security app laden with the malware.
- The infection process involves receiving an SMS alert about an unauthorized transaction, calling a number for assistance, following a link to a fraudulent site, and installing the fake McAfee Security app.
- Once installed, the malware unleashes three Vultur-related payloads that gain access to Accessibility Services, enable remote control functionalities, and establish a link with the command and control server.
- The latest Vultur variant includes new functionalities such as comprehensive file management options, exploiting Accessibility Services, preventing certain apps from launching, crafting custom notifications, and disabling Keyguard.
- The malware has incorporated new evasion techniques like encrypting communications with the C2 server, using multiple encrypted payloads, and disguising malicious activities as legitimate applications.
- The developers behind Vultur have prioritized enhancing remote control capabilities, introducing commands for various device interactions and app management.
- Android users are advised to only download apps from trusted sources like Google Play, be cautious of unsolicited messages with links, and scrutinize app permissions during installation to maintain control over device security and privacy.