Technology
Protect your Android from the Vultur banking Trojan’s remote attacks
One of the most advanced Trojans targeting banking apps has gotten an upgrade. Vultur has been wreaking havoc on Androids since security firm ThreatFabric discovered it in 2021. According to researchers with NCC Group, the malware has reemerged and is even stealthier than before.
You might remember Vultur for the notoriety it gained for its ability to screen record on devices remotely. It hid in apps, some of which were on the Google Play Store, and infected your device.
But now Vultur has new ways to take over Androids and new methods to trick you into downloading malware. Hackers now utilize everything from text messages to phone calls to dupe their victims. Once they get into your device, they can take total control. Hackers can remotely access and use your phone – all in an effort to take your hard-earned money.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
Android phone (Kurt “CyberGuy” Knutsson)
Vultur’s new hybrid attack
According to NCC Group, this new attack focuses on contacting victims. It begins with a text message urging the victim to call if they didn’t authorize a transaction on their bank account. However, the transaction isn’t real; it’s simply a ruse.
If the victim calls, they will receive instructions to download a McAfee Security app containing the banking Trojan and a text message with the link.
The security app looks normal but actually contains the Brunhilda dropper, a deceptive component hidden within seemingly legitimate apps. In this case, the dropper contains the Vultur Trojan. It then releases and executes the Trojan in three batches. When the third batch is dropped, hackers can gain total control of your Android device.
Illustration of infection chain (NCC Group) (Kurt “CyberGuy” Knutsson)
MORE: HACKERS USE PIRATED SOFTWARE TO HIJACK MAC, ANDROID, WINDOWS DEVICES
Vultur’s new features
Vultur was already a very serious threat to Android users. But now, that threat has been significantly upgraded thanks to the level of control hackers can gain. Once Vultur has infected your device, hackers can install, delete, upload and download files. It can even stop apps from running in the first place. If that wasn’t enough, Vultur can bypass Android’s Keylock feature, bypassing your lock screen.
Even more frightening is Vultur’s remote control capabilities. The malware has been able to remotely access devices since it was first discovered in 2021. But now, hackers can instruct the malware to swipe, click, scroll, mute and unmute audio, and more, giving them more control.
Hackers don’t need to worry about staying connected to the device, either. They have leveraged Google’s Firebase Cloud Messaging system to be able to send instructions to infected devices.
Samsung phone (Kurt “CyberGuy” Knutsson)
How to protect your Android from Vultur
One of the biggest ways to stay away from Vultur is not to call after a hacker texts you about approving a large bank transaction. You can always call your financial intuition yourself to check. But never call an unknown phone number that’s sent to you by an unknown person. Here are some other tips as well:
Avoid sideloading apps and shortened URLs
Try not to sideload apps. That’s when you install apps outside of a legitimate source. Shortened URLs can mislead users into downloading malware.
Be careful granting permissions
Exercise caution when granting app permissions. Consider whether an app truly needs access to certain device functions or data.
Limit the apps you have on your phone
Sometimes, having a lot of apps on your phone can make it easy to be exposed to malware. These apps can let in malicious code over time, and the more apps you have to keep track of and update, the more likely your Android will be vulnerable. Here’s how to delete unnecessary apps from your Android.
Hacker using Android and laptop (Kurt “CyberGuy” Knutsson)
MORE: WHAT YOU NEED TO KNOW ABOUT VAJRASPY RAT, THE CYBERESPIONAGE TOOL THAT INFILTRATED GOOGLE PLAY
Download apps from reputable sources
Additionally, when you download apps, make sure they are from reliable and legitimate developers. Check reviews and do some research before just hitting “install.”
Keep your Android device updated
Your phone has a way of keeping itself safe with software and security updates. Don’t forget to install them.
Have good antivirus software on all your devices
Installing antivirus protection on all your devices is the best way to protect yourself from malware. Antivirus software will prevent you from clicking on potentially malicious links that may install malware on your devices, allowing hackers to gain access to your personal information. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
What should you do if your data is compromised?
If malware has already invaded your device, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:
Change your passwords
Vultur can give hackers access to everything on your device, including your online accounts and your personal or financial information. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device because the hacker might see your new passwords. Instead, you should use ANOTHER DEVICE, such as your laptop or desktop, to change your passwords. Make sure you use strong and unique passwords that are difficult to guess or break. You can also use a password manager to generate and store your passwords securely.
Monitor your accounts and transactions
You should regularly check your online accounts and transactions for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or authorities immediately. You should also review your credit reports and scores to see signs of identity theft or fraud.
Use identity theft protection
Hackers can access everything on your Android device, including your personal and financial information. They can use this information to create fake accounts in your name, access your existing accounts and pretend to be you online. This can cause serious damage to your identity and credit score.
To avoid this, you should use identity theft protection services. These services can track your personal information, such as your home title, Social Security Number, phone number and email address, and notify you if they detect any suspicious activity. They can also help you freeze your bank and credit card accounts to stop hackers from using them. Read more of my review of the best identity theft protection services here.
Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.
Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
Restore your device to factory settings
If you want to ensure that your device is free of malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original Android version. Before doing this, you should back up your important data and only restore it from a trusted source.
Kurt’s key takeaways
Vultur is an incredibly sophisticated banking Trojan with some terrifying features. The fact that hackers can gain full control of your Android is scary, making it all the more important that you protect yourself.
These attacks begin with a simple text message. It’s up to you to make the effort to separately call your financial institution and see if anything’s amiss. Just taking an extra 10 minutes can save you from having your entire device compromised and your personal information exposed.
How worried are you about Vultur attacks? How do you protect yourself from attacks targeting your finances? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
After introducing AirDrop support to Pixel 10 devices last year, Google is now set to expand it to phones made by other Android partners. Eric Kay, vice president of engineering for Android, confirmed in a press briefing attended by Android Authority that “a lot more” Android devices will be able to use Quick Share to initiate AirDrop sessions with Apple devices this year.
“We spent a lot of time and energy to make sure that we could build something that was compatible not only with iPhone but iPads and MacBooks,” Kay said. “Now that we’ve proven it out, we’re working with our partners to expand it into the rest of the ecosystem, and you should see some exciting announcements coming very soon.”
Currently, Google’s Pixel 10 phones are the only Android devices that can use Quick Share — Android’s own wireless peer-to-peer transfer feature, previously known as Nearby Share — to communicate directly with Apple’s AirDrop. Google hasn’t outlined any specific Android partners or devices for the update yet, but both Nothing and chipmaker Qualcomm teased in November that support was coming.
Kay also discussed Google’s efforts to improve the process for iOS users who switch to Android, helping to prevent incomplete data transfers, lost messages, and other issues. Apple has been working on a “user-friendly” way of transferring data from iPhones to other devices since early 2024, and Google and Apple’s collaborative efforts were seen being tested in Android Canary 2512 for Pixel devices in December.
“We’re also going to be working to make it easy for people who do decide to switch to transfer their data and make sure they’ve got everything they had from their old phone,” Kay said during the same briefing. “So there’s a lot more going on with that.”
NEWYou can now listen to Fox News articles!
A popular mobile app called Chat & Ask AI has more than 50 million users across the Google Play Store and Apple App Store. Now, an independent security researcher says the app exposed hundreds of millions of private chatbot conversations online.
The exposed messages reportedly included deeply personal and disturbing requests. Users asked questions like how to painlessly kill themselves, how to write suicide notes, how to make meth and how to hack other apps.
These were not harmless prompts. They were full chat histories tied to real users.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
HOW TECH IS BEING USED IN NANCY GUTHRIE DISAPPEARANCE INVESTIGATION
Security researchers say Chat & Ask AI exposed hundreds of millions of private chatbot messages, including complete conversation histories tied to real users. (Neil Godwin/Getty Images)
What exactly was exposed
The issue was discovered by a security researcher who goes by Harry. He found that Chat & Ask AI had a misconfigured backend using Google Firebase, a popular mobile app development platform. Because of that misconfiguration, it was easy for outsiders to gain authenticated access to the app’s database. Harry says he was able to access roughly 300 million messages tied to more than 25 million users. He analyzed a smaller sample of about 60,000 users and more than one million messages to confirm the scope.
The exposed data reportedly included:
- Full chat histories with the AI
- Timestamps for each conversation
- The custom name users gave the chatbot
- How users configured the AI model
- Which AI model was selected
That matters because many users treat AI chats like private journals, therapists or brainstorming partners.
How this AI app stores so much sensitive user data
Chat & Ask AI is not a standalone artificial intelligence model. It acts as a wrapper that lets users talk to large language models built by bigger companies. Users could choose between models from OpenAI, Anthropic and Google, including ChatGPT, Claude and Gemini. While those companies operate the underlying models, Chat & Ask AI handles the storage. That is where things went wrong. Cybersecurity experts say this type of Firebase misconfiguration is a well-known weakness. It is also easy to find if someone knows what to look for.
We reached out to Codeway, which publishes the Chat & Ask AI app, for comment, but did not receive a response before publication.
149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK
The exposed database reportedly included timestamps, model settings and the names users gave their chatbots, revealing far more than isolated prompts. (Elisa Schu/Getty Images)
Why this matters to everyday users
Many people assume their chats with AI tools are private. They type things they would never post publicly or even say out loud. When an app stores that data insecurely, it becomes a gold mine for attackers. Even without names attached, chat histories can reveal mental health struggles, illegal behavior, work secrets and personal relationships. Once exposed, that data can be copied, scraped and shared forever.
YOUR PHONE SHARES DATA AT NIGHT: HERE’S HOW TO STOP IT
Because the app handled data storage itself, a simple Firebase misconfiguration made sensitive AI chats accessible to outsiders, according to the researcher. (Edward Berthelot/Getty)
Ways to stay safe when using AI apps
You do not need to stop using AI tools to protect yourself. A few informed choices can lower your risk while still letting you use these apps when they are helpful.
1) Be mindful of sensitive topics
AI chats can feel private, especially when you are stressed, curious or looking for answers. However, not all apps handle conversations securely. Before sharing deeply personal struggles, medical concerns, financial details or questions that could create legal risk if exposed, take time to understand how the app stores protects your data. If those protections are unclear, consider safer alternatives such as trusted professionals or services with stronger privacy controls.
2) Research the app before installing
Look beyond download counts and star ratings. Check who operates the app, how long it has been available, and whether its privacy policy clearly explains how user data is stored and protected.
3) Assume conversations may be stored
Even when an app claims privacy, many AI tools log conversations for troubleshooting or model improvement. Treat chats as potentially permanent records rather than temporary messages.
4) Limit account linking and sign-ins
Some AI apps allow you to sign in with Google, Apple, or an email account. While convenient, this can directly connect chat histories to your real identity. When possible, avoid linking AI tools to primary accounts used for work, banking or personal communication.
5) Review app permissions and data controls
AI apps may request access beyond what is required to function. Review permissions carefully and disable anything that is not essential. If the app offers options to delete chat history, limit data retention or turn off syncing, enable those settings.
6) Use a data removal service
Your digital footprint extends beyond AI apps. Anyone can find personal details about you with a simple Google search, including your phone number, home address, date of birth and Social Security number. Marketers buy this information to target ads. In more serious cases, scammers and identity thieves breach data brokers, leaving personal data exposed or circulating on the dark web. Using a data removal service helps reduce what can be linked back to you if a breach occurs.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
Kurt’s key takeaways
AI chat apps are moving fast, but security is still lagging behind. This incident shows how a single configuration mistake can expose millions of deeply personal conversations. Until stronger protections become standard, you need to treat AI chats with caution and limit what you share. The convenience is real, but so is the risk.
Do you assume your AI chats are private, or has this story changed how much you are willing to share with these apps? Let us know your thoughts by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Copyright 2026 CyberGuy.com. All rights reserved.
When Netflix co-CEO Ted Sarandos entered the Senate office building on Tuesday, he got thrown a curveball. What started as a standard antitrust hearing relating to the Warner Bros. merger quickly devolved into a performative Republican attack about the spread of “woke” ideology on the streaming service. At the same time, arguably a much more influential platform was completely ignored: YouTube.
After grilling Sarandos about residual payments, Sen. Josh Hawley (R-MO) launched into a completely different line of questioning: “Why is it that so much of Netflix content for children promotes a transgender ideology?” Hawley asked, making an unsubstantiated claim that “almost half” of the platform’s children’s content contains so-called “transgender ideology.” The statement harkened to a pressure campaign launched by Elon Musk months ago in which he called on X users to unsubscribe from Netflix for having a “transgender woke agenda,” citing its few shows with trans characters — shows that were canceled years ago.
“Our business intent is to entertain the world,” Sarandos replied. “It is not to have a political agenda.” Still, other Republican lawmakers, including Sens. Ashley Moody (R-FL) and Eric Schmitt (R-MO), piled on, bringing up a post Netflix made following the murder of George Floyd, and the French film Cuties, which sparked a right-wing firestorm years ago. Sen. Ted Cruz (R-TX) even asked Sarandos what he thought about Billie Eilish’s “no one is illegal on stolen land” comment at the Grammys. It seemed like they were grasping at straws to support their narrative that Netflix’s acquisition of Warner Bros. could somehow poison the well of content for viewers.
“My concern is that you don’t share my values or those of many other American parents, and you want the United States government to allow you to become one of the largest — if not the largest — streaming monopolist in the world,” Hawley said. “I think we ought to be concerned about what content you’re promoting.”
While it’s true that Netflix will control a substantial portion of the streaming market when — and or if — it acquires Warner Bros. and its streaming service HBO Max, it’s hard to criticize Netflix without bringing up YouTube.
“YouTube is not just cat videos anymore. YouTube is TV.”
For years now, Netflix has been trying to topple YouTube as the most-watched streaming service. Data from Nielsen says Netflix made up 9 percent of total TV and streaming viewing in the US in December 2025, while Warner Bros. Discovery’s services made up 1.4 percent. Combining the two doesn’t even stack up to YouTube, which held a 12.7 percent share of viewership during that time. “YouTube is not just cat videos anymore,” Sarandos told the subcommittee. “YouTube is TV.”
Unlike Netflix, YouTube is free and has an ever-growing library of user-created content that doesn’t require it to spend billions of dollars in production costs and licensing fees. YouTube doesn’t have to worry about maintaining subscribers, as anyone with access to a web browser or phone can open up and watch YouTube. The setup brings YouTube a constant stream of viewers that it can rope in with a slew of content it can recommend to watch next.
But not all creators on YouTube are striving for quality. As my colleague Mia Sato wrote, YouTube is home to creators who try to feed an algorithm that boosts inflammatory content and attempts to hook viewers, in addition to an array of videos that may be less than ideal for kids.
Like it or not, YouTube is the dominant streamer, with an endless supply of potentially offensive agendas for just about anyone. But for some reason, it’s not the target of this culture war. If these lawmakers actually cared about what their kids are watching, maybe they’d start looking more closely at how YouTube prioritizes content. Or, if they don’t like the shows and movies on Netflix, they could just do what Sarandos suggested during the hearing: unsubscribe.
How a ‘South Dakota kid’ became one of only three kickers to reach football immortality
ESPN predicts winner of Kentucky vs. #25 Tennessee in season’s second matchup
Poem: Oh, Texas Our Texas,
No. 11 Kansas hosts Utah after McHenry’s 23-point game
See the honorees at Vermont Recovery Day next week
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Hegseth says US strikes force some cartel leaders to halt drug operations
Senior Russian officer shot in Moscow in apparent assassination attempt
New Jersey’s special Democratic primary too early to call
Video: Investigators Say Doorbell Camera Was Disconnected Before Nancy Guthrie’s Kidnapping
White House says murder rate plummeted to lowest level since 1900 under Trump administration
-
Indiana4 days ago13-year-old rider dies following incident at northwest Indiana BMX park
-
Massachusetts5 days agoTV star fisherman, crew all presumed dead after boat sinks off Massachusetts coast
-
Tennessee6 days agoUPDATE: Ohio woman charged in shooting death of West TN deputy
-
Indiana4 days ago13-year-old boy dies in BMX accident, officials, Steel Wheels BMX says
-
Politics1 week agoVirginia Democrats seek dozens of new tax hikes, including on dog walking and dry cleaning
-
Austin, TX7 days ago
TEA is on board with almost all of Austin ISD’s turnaround plans
-
Politics3 days agoTrump unveils new rendering of sprawling White House ballroom project
-
Texas6 days agoLive results: Texas state Senate runoff
