Android banking Trojan evolves to evade detection and strike globally

Android banking Trojan Medusa has returned after a hiatus of almost a year, and the new variant is more dangerous than before. It is lightweight and requests fewer device permissions, which makes it harder to spot.

First identified in 2020, Medusa is a Turkish-linked banking Trojan that initially targeted Turkish financial institutions. 

It expanded rapidly by 2022, launching major campaigns in North America and Europe, causing significant monetary harm. Medusa’s new variant is now targeting Android users across the globe, including those located in the U.S., Canada, Spain, France, Italy, the U.K. and Turkey.

A man looking at his Android phone. (Kurt “CyberGuy” Knutsson)


How does the Medusa Android Trojan evade detection?

Medusa has been back with a new version since July 2023. Cybersecurity researchers at Cleafy noticed a spike in installs of an app called “4K Sports,” which is being used as a dropper to put the malware on people’s Android phones. The new malware is an upgraded Medusa with significant changes in how it works.

It asks for fewer permissions, which makes it less conspicuous. It still requires Accessibility Services, and that is the big red flag. Android’s Accessibility Service is a powerful feature that helps people with disabilities use mobile devices more easily. It is not an ordinary runtime permission that pops up in a dialog: the user has to switch it on for the app in Settings, and once that is done the app can read whatever is on screen, observe and inject taps and keystrokes, and click through further permission prompts on its own. In practice, granting it hands the app near-complete control of your phone.


Cybercriminals know this, so most Android malware asks the user to enable Accessibility for it. You should be immediately suspicious of any app that does, especially one with no accessibility-related purpose. Medusa’s new variant also requests the Broadcast SMS, Internet, Foreground Service and Package Management permissions. That is a short list compared with the old variant, but combined with Accessibility it is still enough to keep the malware running in the background, interact with SMS traffic and learn which apps are installed on the device.

The Android Trojan now has 17 fewer commands than before but adds five new ones, including setting a full-screen black overlay and taking screenshots. The black overlay matters: it makes the phone look idle or switched off while the operators drive the banking app remotely through Accessibility, so the victim does not see the fraudulent session taking place.
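As an added example (not code from the original article, from Cleafy’s report or from the malware itself), here is the static check a malware analyst would run on a decoded AndroidManifest.xml, as produced by apktool or aapt2, to spot the combination described above: an accessibility-service binding plus the small set of SMS, foreground-service and package-management permissions. The permission names are real Android constants; the weighting, the com.example package names and the two manifests are constructed for illustration.

```python
"""Static triage of a decoded AndroidManifest.xml for the 'minimal but
dangerous' permission profile described above. Added example for this page;
not Cleafy's tooling and not code from the malware. The two manifests below
are constructed for illustration."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission constants. Grouping them as 'suspicious when
# requested alongside an accessibility service' is this example's heuristic.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.BROADCAST_SMS",
    "android.permission.FOREGROUND_SERVICE",
    "android.permission.QUERY_ALL_PACKAGES",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.REQUEST_DELETE_PACKAGES",
}
# A <service> guarded by this permission is how an app registers itself
# as an accessibility service that the user can switch on in Settings.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(manifest_xml: str) -> dict:
    """Return the accessibility services, matching permissions and a verdict."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    a11y_services = [
        svc.get(ANDROID_NS + "name")
        for svc in root.iter("service")
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND
    ]
    hits = sorted(requested & SUSPICIOUS_PERMISSIONS)
    # Accessibility alone is a red flag; accessibility plus SMS/package/
    # foreground permissions in an app with no accessibility purpose is
    # the profile that deserves a human look.
    if a11y_services and hits:
        verdict = "review"
    elif a11y_services:
        verdict = "accessibility-only"
    else:
        verdict = "low"
    return {
        "package": root.get("package"),
        "accessibility_services": a11y_services,
        "suspicious_permissions": hits,
        "verdict": verdict,
    }


# Constructed: a dropper-style 'sports video' manifest. com.example.* is a
# reserved namespace, not a real app.
DROPPER_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sportsvideo">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.BROADCAST_SMS"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
    <application android:label="Example Sports Video">
        <service android:name=".A11yService" android:exported="true"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed: what a benign video player of the same kind typically needs.
# A foreground service on its own is normal and must not trip the check.
BENIGN_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <application android:label="Example Player">
        <service android:name=".PlaybackService" android:exported="false"/>
    </application>
</manifest>
"""

if __name__ == "__main__":
    for name, xml in (("dropper", DROPPER_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage_manifest(xml))
```

The benign manifest is included on purpose: a foreground service is something every music or video app legitimately declares, so the heuristic only escalates when it appears together with an accessibility-service binding. Run it over a batch of decoded APKs and the “review” verdicts are the ones worth a manual look.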

Advertisement

Cleafy reports that the operators use not only the 4K Sports app to install Medusa but also apps masquerading as Google Chrome, InatTV, Purolator and 5G. In the U.S., the Chrome, InatTV and Purolator lookalikes are the main lures.

A person on their Android phone. (Kurt “CyberGuy” Knutsson)


What is the scale of the Medusa cyberattack?

Medusa is going after people all over the world, including in the U.S. and Europe. Cleafy identified two distinct Medusa botnet clusters, each operating in its own way.

The first cluster, with botnets named AFETZEDE, ANAKONDA, PEMBE and TONY, mainly targets users in Turkey but also hits Canada and the U.S. It relies on Medusa’s usual distribution method: phishing messages that lure the victim into installing the app.

The second cluster, which includes the UNKN botnet, shows a change in Medusa’s strategy. It mainly targets European users, especially in Italy and France. Unlike the usual variants, some of these new ones were installed through dropper apps sideloaded from untrusted sources, which means the operators are experimenting with delivery routes beyond the usual phishing lures.


Illustration of a cybercriminal. (Kurt “CyberGuy” Knutsson)


10 ways you can protect yourself from the Android banking Trojan

While a Trojan is hard to detect and can be dangerous once it enters your phone, there are several things you can do to protect your data.

1. Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.

2. Have strong antivirus software: Android has its own built-in malware protection called Play Protect, but it’s not enough to stop all malicious software. Historically, Play Protect hasn’t been 100% foolproof at removing all known malware from Android phones. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3. Download apps from reliable sources: It’s important to download apps only from trusted sources like the Google Play Store. They have strict checks to prevent malware and other harmful software. Avoid downloading apps from unknown websites or unofficial stores, as they can pose a higher risk to your personal data and device.

Advertisement

4. Use an identity theft protection service: Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft. 

5. Monitor your accounts: If you think you have been affected by the banking Trojan, regularly review your bank statements, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.

6. Enable transaction notifications for your bank accounts: Alerts let you spot unauthorized transactions quickly. Prefer your bank’s in-app push notifications or email over SMS where you can, because a Trojan that has obtained SMS-related permissions, as Medusa requests, may be able to read or hide text messages on the infected phone.

Advertisement

7. Set up two-factor authentication (2FA): 2FA is an extra layer that makes a stolen password alone useless to an attacker. An authenticator app or hardware security key is stronger than a code sent by SMS, which malware on the phone may be able to intercept.

8. Use a password manager: A password manager can help you create and store strong, unique passwords for all your accounts, reducing the risk of password theft.

9. Regularly update your device’s operating system and apps: Keeping your software up to date is crucial, as updates often include security patches for newly discovered vulnerabilities that could be exploited by Trojans.

10. Be wary of granting permissions: Carefully review the permissions an app requests. If an app asks for more access than it needs for its functionality, it could be a red flag. Pay special attention to Accessibility: open Settings > Accessibility and check which apps are listed under installed or downloaded services. A game, video player or “Chrome” that wants Accessibility switched on has no legitimate reason to ask, and you should uninstall it.
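The practical check behind tip 10, written for this page as an added example rather than taken from the article or from Cleafy: Android stores the list of accessibility services the user has switched on in the secure setting enabled_accessibility_services, which can be read over adb with `adb shell settings get secure enabled_accessibility_services`. The script parses that value and flags any service not on an allowlist. TalkBack’s component name is real; the allowlist policy, the com.example entry and the sample setting value are assumptions constructed for the example.

```python
"""Audit which accessibility services are enabled on an Android device.
Added example for this page; not the article's or Cleafy's code. Reads the
Settings.Secure value 'enabled_accessibility_services' over adb when a device
is attached, otherwise runs against a constructed sample value."""
import subprocess

# Services a user might legitimately enable. TalkBack is Google's screen
# reader and this component name is real; extend the set for your fleet.
ALLOWED_SERVICES = frozenset({
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService",
})

# Constructed sample of the setting with a screen reader and a hypothetical
# dropper enabled (com.example.* is reserved, not a real app). Entries are
# colon-separated "package/class" pairs; the class may be abbreviated to
# ".Name" relative to the package, exactly as Android writes it.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.dropper/.A11yService"
)


def parse_enabled_services(raw: str) -> list:
    """Split the setting into fully qualified 'package/class' names."""
    raw = raw.strip()
    if not raw or raw == "null":        # 'null' is what adb prints when unset
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):         # ".A11yService" -> "pkg.A11yService"
            cls = pkg + cls
        services.append(f"{pkg}/{cls}")
    return services


def unexpected_services(raw: str, allowed=ALLOWED_SERVICES) -> list:
    """Return enabled services that are not on the allowlist."""
    return [s for s in parse_enabled_services(raw) if s not in allowed]


def read_setting_from_device(serial: str = "") -> str:
    """Fetch the raw setting from an attached device via adb."""
    cmd = ["adb"]
    if serial:
        cmd += ["-s", serial]
    cmd += ["shell", "settings", "get", "secure", "enabled_accessibility_services"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    try:
        raw, source = read_setting_from_device(), "device"
    except (FileNotFoundError, subprocess.CalledProcessError):
        raw, source = SAMPLE_SETTING, "constructed sample"
    print(f"enabled accessibility services ({source}):")
    for svc in parse_enabled_services(raw):
        flag = "" if svc in ALLOWED_SERVICES else "   <-- not on allowlist, investigate"
        print(f"  {svc}{flag}")
    if not parse_enabled_services(raw):
        print("  (none)")
```

On a phone that is not infected and not using assistive features the setting is normally empty or “null”, so any entry at all is worth a look; on a device that does use a screen reader, the allowlist keeps the known service from drowning out the one you actually care about.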



Kurt’s key takeaways

Hackers behind Medusa have made the malware hard to detect. They use apps that look legitimate to get the malware onto your phone and steal your personal data and sometimes your money. As a rule of thumb, only install apps from the Google Play Store. Google screens apps before and after publication, which makes it considerably safer than sideloading an app from a link in a text message, though no store is infallible, so keep an eye on which permissions and Accessibility access your apps hold.

What are your thoughts on the increasing sophistication of mobile malware like the Medusa Trojan, and how do you think the cybersecurity industry should respond? Let us know by writing us at Cyberguy.com/Contact


Copyright 2024 CyberGuy.com. All rights reserved.


Amazon Prime will shut down its clothing try-on program

Given the combination of Try Before You Buy only scaling to a limited number of items and customers increasingly using our new AI-powered features like virtual try-on, personalized size recommendations, review highlights, and improved size charts to make sure they find the right fit, we’re phasing out the Try Before You Buy option, effective January 31, 2025. Of course, customers will continue to enjoy fast, free shipping, with easy, free returns on our full apparel selection.


Fox News AI Newsletter: Tech leaders' message to Biden

Welcome to Fox News’ Artificial Intelligence newsletter with the latest AI technology advancements.

IN TODAY’S NEWSLETTER:

– Tech industry leaders urge Biden not to cement rule they say could diminish US global leadership on AI
– Sam Altman responds to lawsuit, allegations of abuse from sister
– As a Berkeley professor, I see the impact H-1B visas and AI have on students’ job opportunities
– Top tech stealing the show at CES 2025

PUSH BACK: The new rule, which industry leaders say could come as early as the end of this week, effectively seeks to shore up the U.S. economy and national security efforts by adding new restrictions on how many U.S.-made artificial intelligence products can be deployed across the globe.


Jensen Huang, co-founder and chief executive officer of Nvidia Corp., speaks during the Nvidia GPU Technology Conference (GTC) in San Jose, Calif., on Monday, March 18, 2024.  (David Paul Morris/Bloomberg via Getty Images)

‘UTTERLY UNTRUE’: Open AI CEO Sam Altman on Tuesday responded to a lawsuit in which his sister accused him of sexually abusing her for nearly a decade. Altman, along with his mother and two brothers, issued a joint statement denying the claims of his sister, Ann Altman.


Sam Altman, chief executive officer of OpenAI, speaks during the Bloomberg Technology Summit in San Francisco on Thursday, June 22, 2023. (David Paul Morris/Bloomberg via Getty Images)

LOW COST LABOR: The H-1B visa program was intended to bring in specialized talent from abroad, but instead it has become a tool for employers to hire lower-cost labor for ordinary jobs.


Illustrative picture showing an application for the United States of America work visa H1B with a pen.

BEST OF CES: Get ready for some pretty cool innovations that are lighting up CES 2025, the world’s biggest annual tech event. From AI-powered smart glasses to revolutionary TVs and mind-blowing gadgets, this year’s show is proving that the future isn’t just knocking. It’s bursting through the door.

Samsung Food app. (Kurt “CyberGuy” Knutsson)


How Watch Duty’s wildfire tracking app became a crucial lifeline for LA

If you live in Los Angeles, you are probably already intimately familiar with Watch Duty, the free app that shows active fires, mandatory evacuation zones, air quality indexes, wind direction, and a wealth of other information that everyone, from firefighters to regular people, has come to rely on during this week’s historic and devastating wildfires.

Watch Duty is unique in the tech world in that it doesn’t care about user engagement, time spent, or ad sales. The 501(c)(3) nonprofit behind it only cares about the accuracy of the information it provides and the speed with which the service can deliver that information. The app itself has taken off, rocketing to the top of Apple’s and Google’s app stores. Over 1 million people have downloaded it over the last few days alone. 

The elegance of the app lies in its simplicity. It doesn’t scrape user data, show ads, require any kind of login, or track your information. Its simple tech stack and UI — most of which is maintained by volunteer engineers and reporters — has likely helped save countless lives. While Watch Duty is free to use, the app accepts tax-deductible donations and offers two tiers of membership that unlock additional features, like a firefighting flight tracker and the ability to set alerts for more than four counties.

With plans to expand the service across the United States, as well as overseas and into other emergency services, Watch Duty may eventually replace some of the slower and less reliable local government alert systems for millions of people.

Photo by Lokman Vural Elibol / Anadolu via Getty Images

An app born from fire

The idea for Watch Duty came to cofounder John Mills while he was trying to protect his off-grid Sonoma County home from the Walbridge fire in 2020. He realized there wasn’t a single source for all the information people needed to protect themselves from the blaze, which ultimately killed 33 people and destroyed 156 homes. John and his friend David Merritt, who is Watch Duty’s cofounder and CTO, decided to build an app to help.

“This came out of an idea that John had, and he talked to me about it four years ago,” Merritt tells The Verge. “We built the app in 60 days, and it was run completely by volunteers, no full-time staff. It was a side project for a lot of engineers, so the aim was to keep it as simple as possible.”

Fire reporting is piecemeal at best in fire-prone areas and frequently scattered across platforms like Facebook and X, where fire departments and counties have verified pages sharing relevant updates. But increasingly, social media platforms are putting automated access for alert services behind paywalls. Governments also use a wide variety of alert systems, causing delays that can cost lives, especially in fast-moving fires like the Palisades and Eaton fires that have forced evacuations for more than 180,000 people. And sometimes, these government-run alerts are sent out mistakenly, causing mass confusion.

Watch Duty simplifies all that for millions of people.

“We view what we are doing as a public service,” says Merritt. “It is a utility that everyone should have, which is timely, relevant information for their safety during emergencies. Right now, it’s very scattered. Even the agencies themselves, which have the best intentions, their hands are tied by bureaucracy or contracts. We partner with government sources with a focus on firefighting.”

One of the biggest issues around fires, in particular, is that they can move quickly and consume large swaths of land and structures in minutes. For example, the winds that drove the Palisades fire to spread to more than 10,000 acres reached 90 miles per hour on Tuesday. When minutes matter, the piecemeal alert system that Watch Duty replaces can cause delays that cost lives. 

“Some of the delivery systems for push notifications and text messages that government agencies use had a 15-minute delay, which is not good for fire,” says Merritt. “We shoot to have push notifications out in under a minute. Right now, 1.5 million people in LA are getting push notifications through the app. That’s a lot of messages to send out in 60 seconds. In general, people are getting it pretty much all at the same time.”

A simple tech stack

For Watch Duty, this kind of mass communication requires reliable technology as well as a group of dedicated staff and skilled volunteers. Merritt says that Watch Duty relies on a number of corporate partners with whom it has relationships and contracts to provide its service. 

The app is built on a mix of technology, including Google’s cloud platform, Amazon Web Services, Firebase, Fastly, and Heroku. Merritt says the app uses some AI, but only for internal routing of alerts and emails. Reporters at Watch Duty — those who listen to scanners and update the app with push notifications about everything from air drops to evacuation updates — are mostly volunteers who coordinate coverage via Slack.

“All information is vetted for quality over quantity,” he says. “We have a code of conduct for reporters. For example, we never report on injuries or give specific addresses. It’s all tailored with a specific set of criteria. We don’t editorialize. We report on what we have heard on the scanners.” 

According to Merritt, the app has 100 percent uptime. Even though it started with volunteer engineers, the nonprofit has slowly added more full-time people. “We still have volunteers helping us, but it’s becoming more on the internal paid staff as we grow, as things get more complex, and as we have more rigorous processes,” he says.

He says there are no plans to ever charge for the app or scrape user data. The approach is kind of the Field of Dreams method to building a free app that saves people’s lives: if you build it well, the funding will come. 

“It’s the antithesis of what a lot of tech does,” Merritt says. “We don’t want you to spend time in the app. You get information and get out. We have the option of adding more photos, but we limit those to the ones that provide different views of a fire we have been tracking. We don’t want people doom scrolling.” 

Photo by FREDERIC J. BROWN / AFP via Getty Images

Collecting information in the era of Trump

Watch Duty relies heavily on publicly available information from places like the National Weather Service and the Environmental Protection Agency. Should the incoming Trump administration decide to execute on threats to dismantle and disband the EPA (which monitors air quality) and the National Oceanic and Atmospheric Administration, the parent agency to the National Weather Service, such moves would impact Watch Duty’s ability to operate. 

Even still, Merritt is optimistic. “We will be pretty well insulated from any change to policy,” he says. “We are either buying that information ourselves already or we are happy to buy it, and we will take that cost on. The fact that we’re soon going to be covering the entire US will defray the cost of anything that shifts from a policy perspective. Our operation costs are mostly salaries. We are trying to hire really good engineers and have a really solid platform. If we need to raise a grant to buy data from the National Weather Service, then we will.”

Regardless of what the next administration does, it’s clear that Watch Duty has become a critical and necessary app for those in Southern California right now. The app currently covers 22 states and plans to roll out nationwide soon. 

“We got 1.4 million app downloads in the last few days,” according to Merritt. “I think we have only received 60 support tickets, so that shows that something is working there. We are really just focused on the delivery of this information.”
