One of the most advanced Trojans targeting banking apps has gotten an upgrade. Vultur has been wreaking havoc on Androids since security firm ThreatFabric discovered it in 2021. According to researchers with NCC Group, the malware has reemerged and is even stealthier than before.

You might remember Vultur for the notoriety it gained for its ability to screen record on devices remotely. It hid in apps, some of which were on the Google Play Store, and infected your device.

But now Vultur has new ways to take over Androids and new methods to trick you into downloading malware. Hackers now utilize everything from text messages to phone calls to dupe their victims. Once they get into your device, they can take total control. Hackers can remotely access and use your phone – all in an effort to take your hard-earned money.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

Vultur’s new hybrid attack

According to NCC Group, this new attack focuses on contacting victims. It begins with a text message urging the victim to call if they didn’t authorize a transaction on their bank account. However, the transaction isn’t real; it’s simply a ruse.

If the victim calls, they will receive instructions to download a McAfee Security app containing the banking Trojan and a text message with the link.

The security app looks normal but actually contains the Brunhilda dropper, a deceptive component hidden within seemingly legitimate apps. In this case, the dropper contains the Vultur Trojan. It then releases and executes the Trojan in three batches. When the third batch is dropped, hackers can gain total control of your Android device.

Illustration of infection chain (NCC Group) (Kurt “CyberGuy” Knutsson)

MORE: HACKERS USE PIRATED SOFTWARE TO HIJACK MAC, ANDROID, WINDOWS DEVICES

Vultur’s new features

Vultur was already a very serious threat to Android users. But now, that threat has been significantly upgraded thanks to the level of control hackers can gain. Once Vultur has infected your device, hackers can install, delete, upload and download files. It can even stop apps from running in the first place. If that wasn’t enough, Vultur can bypass Android’s Keylock feature, bypassing your lock screen.

Even more frightening is Vultur’s remote control capabilities. The malware has been able to remotely access devices since it was first discovered in 2021. But now, hackers can instruct the malware to swipe, click, scroll, mute and unmute audio, and more, giving them more control.

Hackers don’t need to worry about staying connected to the device, either. They have leveraged Google’s Firebase Cloud Messaging system to be able to send instructions to infected devices.

Samsung phone (Kurt “CyberGuy” Knutsson)

How to protect your Android from Vultur

One of the biggest ways to stay away from Vultur is not to call after a hacker texts you about approving a large bank transaction. You can always call your financial intuition yourself to check. But never call an unknown phone number that’s sent to you by an unknown person. Here are some other tips as well:

Avoid sideloading apps and shortened URLs

Try not to sideload apps. That’s when you install apps outside of a legitimate source. Shortened URLs can mislead users into downloading malware.

Be careful granting permissions

Exercise caution when granting app permissions. Consider whether an app truly needs access to certain device functions or data.

Limit the apps you have on your phone

Sometimes, having a lot of apps on your phone can make it easy to be exposed to malware. These apps can let in malicious code over time, and the more apps you have to keep track of and update, the more likely your Android will be vulnerable. Here’s how to delete unnecessary apps from your Android.

Hacker using Android and laptop (Kurt “CyberGuy” Knutsson)

MORE: WHAT YOU NEED TO KNOW ABOUT VAJRASPY RAT, THE CYBERESPIONAGE TOOL THAT INFILTRATED GOOGLE PLAY

Download apps from reputable sources

Additionally, when you download apps, make sure they are from reliable and legitimate developers. Check reviews and do some research before just hitting “install.”

Keep your Android device updated

Your phone has a way of keeping itself safe with software and security updates. Don’t forget to install them.

Have good antivirus software on all your devices

Installing antivirus protection on all your devices is the best way to protect yourself from malware. Antivirus software will prevent you from clicking on potentially malicious links that may install malware on your devices, allowing hackers to gain access to your personal information. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

What should you do if your data is compromised?

If malware has already invaded your device, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:

Change your passwords

Vultur can give hackers access to everything on your device, including your online accounts and your personal or financial information. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device because the hacker might see your new passwords. Instead, you should use ANOTHER DEVICE, such as your laptop or desktop, to change your passwords. Make sure you use strong and unique passwords that are difficult to guess or break. You can also use a password manager to generate and store your passwords securely.

Monitor your accounts and transactions

You should regularly check your online accounts and transactions for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or authorities immediately. You should also review your credit reports and scores to see signs of identity theft or fraud.

Use identity theft protection

Hackers can access everything on your Android device, including your personal and financial information. They can use this information to create fake accounts in your name, access your existing accounts and pretend to be you online. This can cause serious damage to your identity and credit score.

To avoid this, you should use identity theft protection services. These services can track your personal information, such as your home title, Social Security Number, phone number and email address, and notify you if they detect any suspicious activity. They can also help you freeze your bank and credit card accounts to stop hackers from using them. Read more of my review of the best identity theft protection services here.

Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.

Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

Restore your device to factory settings

If you want to ensure that your device is free of malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original Android version. Before doing this, you should back up your important data and only restore it from a trusted source.

Kurt’s key takeaways

Vultur is an incredibly sophisticated banking Trojan with some terrifying features. The fact that hackers can gain full control of your Android is scary, making it all the more important that you protect yourself.

These attacks begin with a simple text message. It’s up to you to make the effort to separately call your financial institution and see if anything’s amiss. Just taking an extra 10 minutes can save you from having your entire device compromised and your personal information exposed.

How worried are you about Vultur attacks? How do you protect yourself from attacks targeting your finances? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.