Technology
Protect your Android from the Vultur banking Trojan’s remote attacks
One of the most advanced Trojans targeting banking apps has gotten an upgrade. Vultur has been wreaking havoc on Androids since security firm ThreatFabric discovered it in 2021. According to researchers with NCC Group, the malware has reemerged and is even stealthier than before.
You might remember Vultur for the notoriety it gained for its ability to screen record on devices remotely. It hid in apps, some of which were on the Google Play Store, and infected your device.
But now Vultur has new ways to take over Androids and new methods to trick you into downloading malware. Hackers now utilize everything from text messages to phone calls to dupe their victims. Once they get into your device, they can take total control. Hackers can remotely access and use your phone – all in an effort to take your hard-earned money.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER
Android phone (Kurt “CyberGuy” Knutsson)
Vultur’s new hybrid attack
According to NCC Group, this new attack focuses on contacting victims. It begins with a text message urging the victim to call if they didn’t authorize a transaction on their bank account. However, the transaction isn’t real; it’s simply a ruse.
If the victim calls, they will receive instructions to download a McAfee Security app containing the banking Trojan and a text message with the link.
The security app looks normal but actually contains the Brunhilda dropper, a deceptive component hidden within seemingly legitimate apps. In this case, the dropper contains the Vultur Trojan. It then releases and executes the Trojan in three batches. When the third batch is dropped, hackers can gain total control of your Android device.
Illustration of infection chain (NCC Group) (Kurt “CyberGuy” Knutsson)
MORE: HACKERS USE PIRATED SOFTWARE TO HIJACK MAC, ANDROID, WINDOWS DEVICES
Vultur’s new features
Vultur was already a very serious threat to Android users. But now, that threat has been significantly upgraded thanks to the level of control hackers can gain. Once Vultur has infected your device, hackers can install, delete, upload and download files. It can even stop apps from running in the first place. If that wasn’t enough, Vultur can bypass Android’s Keylock feature, bypassing your lock screen.
Even more frightening is Vultur’s remote control capabilities. The malware has been able to remotely access devices since it was first discovered in 2021. But now, hackers can instruct the malware to swipe, click, scroll, mute and unmute audio, and more, giving them more control.
Hackers don’t need to worry about staying connected to the device, either. They have leveraged Google’s Firebase Cloud Messaging system to be able to send instructions to infected devices.
Samsung phone (Kurt “CyberGuy” Knutsson)
How to protect your Android from Vultur
One of the biggest ways to stay away from Vultur is not to call after a hacker texts you about approving a large bank transaction. You can always call your financial intuition yourself to check. But never call an unknown phone number that’s sent to you by an unknown person. Here are some other tips as well:
Avoid sideloading apps and shortened URLs
Try not to sideload apps. That’s when you install apps outside of a legitimate source. Shortened URLs can mislead users into downloading malware.
Be careful granting permissions
Exercise caution when granting app permissions. Consider whether an app truly needs access to certain device functions or data.
Limit the apps you have on your phone
Sometimes, having a lot of apps on your phone can make it easy to be exposed to malware. These apps can let in malicious code over time, and the more apps you have to keep track of and update, the more likely your Android will be vulnerable. Here’s how to delete unnecessary apps from your Android.
Hacker using Android and laptop (Kurt “CyberGuy” Knutsson)
MORE: WHAT YOU NEED TO KNOW ABOUT VAJRASPY RAT, THE CYBERESPIONAGE TOOL THAT INFILTRATED GOOGLE PLAY
Download apps from reputable sources
Additionally, when you download apps, make sure they are from reliable and legitimate developers. Check reviews and do some research before just hitting “install.”
Keep your Android device updated
Your phone has a way of keeping itself safe with software and security updates. Don’t forget to install them.
Have good antivirus software on all your devices
Installing antivirus protection on all your devices is the best way to protect yourself from malware. Antivirus software will prevent you from clicking on potentially malicious links that may install malware on your devices, allowing hackers to gain access to your personal information. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
What should you do if your data is compromised?
If malware has already invaded your device, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:
Change your passwords
Vultur can give hackers access to everything on your device, including your online accounts and your personal or financial information. To prevent this, you should change your passwords for all your important accounts as soon as possible. However, you should not do this on your infected device because the hacker might see your new passwords. Instead, you should use ANOTHER DEVICE, such as your laptop or desktop, to change your passwords. Make sure you use strong and unique passwords that are difficult to guess or break. You can also use a password manager to generate and store your passwords securely.
Monitor your accounts and transactions
You should regularly check your online accounts and transactions for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or authorities immediately. You should also review your credit reports and scores to see signs of identity theft or fraud.
Use identity theft protection
Hackers can access everything on your Android device, including your personal and financial information. They can use this information to create fake accounts in your name, access your existing accounts and pretend to be you online. This can cause serious damage to your identity and credit score.
To avoid this, you should use identity theft protection services. These services can track your personal information, such as your home title, Social Security Number, phone number and email address, and notify you if they detect any suspicious activity. They can also help you freeze your bank and credit card accounts to stop hackers from using them. Read more of my review of the best identity theft protection services here.
Contact your bank and credit card companies
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.
Alert your contacts
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
Restore your device to factory settings
If you want to ensure that your device is free of malware or spyware, you can restore it to factory settings. This will erase all your data and settings and reinstall the original Android version. Before doing this, you should back up your important data and only restore it from a trusted source.
Kurt’s key takeaways
Vultur is an incredibly sophisticated banking Trojan with some terrifying features. The fact that hackers can gain full control of your Android is scary, making it all the more important that you protect yourself.
These attacks begin with a simple text message. It’s up to you to make the effort to separately call your financial institution and see if anything’s amiss. Just taking an extra 10 minutes can save you from having your entire device compromised and your personal information exposed.
How worried are you about Vultur attacks? How do you protect yourself from attacks targeting your finances? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
All year on The Vergecast, we’ve been tracking the many bizarre and problematic actions of FCC Chairman Brendan Carr. There has been a lot to discuss! Then, this week, ahead of one of our last episodes of the year, Carr appeared in front of the Senate Commerce Committee and spent three hours explaining how he thinks about his job, the FCC, and the state of online communication and entertainment. It was a lot.
On this episode of The Vergecast, we begin with a dissection of Carr’s testimony, his threats against broadcasters, and the ways in which he’s using old ideas about content delivery to get his political way. Nilay and David walk through some of Carr’s most important quotes, explain the history of broadband regulation, and look ahead to how Carr might bring these same tactics to internet regulation next year.
Also, an important housekeeping note: The Vergecast will be live at CES! We’ll be at the Brooklyn Bowl in Las Vegas, at 3:30PM on Wednesday, January 7th. There will be podcasting, and hanging out, and bowling. It’s going to be great, and if you’re going to be in Vegas we’d love to see you there.
Until then, if you want to know more about everything we discuss in this episode, here are some links to get you started, first on Brendan Carr:
And in the streaming wars:
And in the lightning round:
NEWYou can now listen to Fox News articles!
Holiday gatherings and year-end travel often lead to a spike in missing pets. Doors open more often, routines shift and animals can slip outside in a moment of confusion.
New Year’s Eve creates loud fireworks, and shelters report some of their busiest nights of the entire year. Amid all that, one Texas family just experienced a heartwarming reunion thanks to an AI photo matching on Petco Love Lost.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
FIND A LOST PHONE THAT IS OFF OR DEAD
An AI photo-matching on Petco Love Lost helped reunite a Texas family with their missing cat after 103 days. (ULISES RUIZ/AFP via Getty Images)
How AI photo matching kept the search going
Pam’s 11-year-old indoor cat, Grayson, had never been outside alone. She believes he slipped out while she unloaded groceries at their home in Plano, Texas. The moment she realized he was gone, she acted fast.
She said, “We went up and down the streets day and night. We went online in the neighborhood and on Love Lost. We put up flyers all over the neighborhood. Friends and neighbors were looking for him. I went to the animal shelter, posted him there, and went every day for over a month, hoping to find him.”
Pam uploaded Grayson’s photo to Petco Love Lost right away. She checked her daily match alerts and hoped she would see his familiar face pop up. She told CyberGuy, “I received match alerts almost every day from Lost Love, but never saw Grayson. His profile had been on their site for over 90 days.”
The moment everything changed
Missy, a nearby resident, spotted a thin cat in an alley near her home. She brought him inside, took a picture of him and then turned to Love Lost to see if anyone had reported a missing cat like him.
Missy explained how simple the process felt. “I used Lost Love to reunite them,” she said. “I uploaded a photo of the cat that we found, and it was matched through AI with the photo that the owner uploaded.”
She soon received an AI match alert and learned that the cross street Grayson’s owner, Pam, had listed in her lost post was only a mile from her home. Missy contacted Pam right away.
That message changed everything. “I am sure that if we had not posted his picture and enabled the ability to match the images, we would never have known what happened to Grayson,” Pam said. “And we would not have connected with Missy.”
AI TECH HELPS A SENIOR REUNITE WITH HER CAT AFTER 11 DAYS
Grayson, an indoor cat from Plano, Texas, was finally found thanks to a neighbor who uploaded his photo to an AI search tool. (DANIEL PERRON/Hans Lucas/AFP via Getty Images)
A long road for an aging cat
Grayson is almost 12 and has never lived outdoors. That made this reunion feel even more emotional, Pam said.
“I am still amazed at Grayson’s journey,” she added. “I look at him and cannot believe he made it through those 103 days. He is almost 12 years old, so he is not a young kitty.”
Pam said she still thinks about what those months were like for him. “[I] guess I will always wonder where he was and how many stops he made before he reached Missy’s loving home,” she said. “He must have known she would take care of him. It takes a special person to take the time to reunite a beloved pet with their family. Missy and her family went above and beyond to reunite us with Grayson.”
Why pet tech matters during the holidays
This season brings joy but also risks for pets. Visitors, travel and loud celebrations create more chances for animals to slip out or feel spooked. Tools like AI photo matching help families act fast when a pet goes missing. Love Lost connects shelters and neighbors in one place so that people like Pam and Missy can find each other.
What to do if your pet goes missing
Losing a pet can feel overwhelming, but taking fast action helps. These steps guide you through what to do right away.
1) Search your home and neighborhood right away
Look in closets, garages and under furniture. Walk your street and ask neighbors to check yards and sheds.
2) Upload your pet’s photo to Petco Love Lost
Take a clear photo and post it on the site. AI photo matching alerts you when a possible match appears. It also helps others contact you fast.
3) Visit your local shelters in person
Shelters update kennels throughout the day. Staff can guide you and help flag your pet’s profile. Go often until you get updates.
4) Post on local community groups
Use neighborhood apps, local Facebook groups and community forums. Include your pet’s photo, last known location and your contact info.
5) Put up flyers right away
Use a large photo and simple details. Place flyers at busy intersections and near schools, parks and businesses.
6) Contact your pet’s microchip registry
If your pet is microchipped, call the registry or log in to your account. Make sure the chip is registered to you, update your contact info and mark your pet as missing so shelters and vets can reach you fast.
7) Stay consistent with your search
Check Love Lost alerts often. Visit shelters and follow up on every lead. Persistence made the difference for Pam and Grayson.
LOST DOGS ON FOURTH OF JULY: HOW TO KEEP YOUR PET SAFE
A pet owner is seen cradling a cat on their lap. (Diego Herrera Carcedo/Anadolu via Getty Images)
How AirTags can help you find a lost pet faster
While tools like AI photo matching are invaluable after a pet goes missing, prevention and real-time tracking can make an enormous difference during the first critical hours. That’s where Apple AirTags come in. An AirTag isn’t a GPS tracker, but it can still be a powerful recovery tool when used correctly. When attached securely to your pet’s collar, an AirTag uses Apple’s vast Find My network. That network consists of hundreds of millions of nearby iPhones, iPads and Macs that can anonymously and securely relay the AirTag’s location back to you.
If your pet wanders into a neighborhood, apartment complex or busy area, the chances are high that another Apple device will pass nearby and update the location automatically. You won’t know who helped, and they won’t know it was them, but the location can show up on your map within minutes. For indoor cats or dogs that don’t usually roam far, this can be especially helpful. Even a rough location can narrow your search area and save precious time.
Important limits to know: AirTags work best in populated areas. They rely on nearby Apple devices, so coverage may be limited in rural or remote locations. They also don’t update continuously like true GPS pet trackers. That’s why AirTags should be seen as a backup layer, not a replacement for microchipping or dedicated pet trackers.
How to use an AirTag safely with pets
- Use a secure, pet-specific AirTag holder that won’t break easily.
- Attach it to a breakaway collar for cats and dogs to reduce injury risk.
- Make sure Find My notifications are turned on so you get alerts quickly.
- Combine it with microchipping and ID tags for the best protection.
Used together, these tools give you multiple ways to reconnect with your pet, whether minutes or months have passed.
For a list of the best pet trackers, go to Cyberguy.com and search “best pet trackers.”
Take my quiz: How safe is your online security?
Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaways
Grayson’s reunion is a reminder that tech works best when caring people put it to use. AI matched the photos, but Missy took action, and Pam never stopped looking. Their persistence helped a senior cat get home after a long and risky journey.
If your pet went missing today, would you know the first step to bring them home fast? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
After briefly going dark in the US to comply with the divest-or-ban law targeting ByteDance that went into effect on January 19th, TikTok quickly came back online. It eventually reappeared in the App Store and Google Play as negotiations between the US and China continued, and Donald Trump continued to sign extensions directing officials not to apply the law’s penalties.
Finally, in mid-December, TikTok CEO Shou Zi Chew told employees that the agreements to create TikTok USDS Joint Venture LLC, which includes Oracle, Silver Lake, and MGX as part owners, have been signed, and the deal is expected to close on January 22nd, 2026. His letter said that for users in the US, the new joint venture will oversee data protection, the security of a newly-retrained algorithm, content moderation, and the deployment of the US app and platform.
Read on for all the latest news on the TikTok ban law in the US.
Watch Live: Demolition of bridge between Iowa, Wisconsin
More than 30,000 without power in West Virginia after strong winds overnight
What’s in Wyoming’s application for up to $800M in federal health funds?
USDC Enters Intuit’s Core Products With Circle Partnership as Stablecoins Move Mainstream
One.funding and MV Commercial launch MV Asset Finance
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Takeaways from an eventful 2025 election cycle
Judge tosses Trump-linked lawsuit targeting Chief Justice Roberts, dealing setback to Trump allies
Who was Osman Hadi; why is Bangladesh on fire over his death?
Putin tells news conference that Kremlin’s military goals will be achieved in Ukraine
Video: Trump Mocks Obama, Biden in His Presidential ‘Walk of Fame’
-
Iowa4 days agoAddy Brown motivated to step up in Audi Crooks’ absence vs. UNI
-
Iowa6 days agoHow much snow did Iowa get? See Iowa’s latest snowfall totals
-
Maine3 days agoElementary-aged student killed in school bus crash in southern Maine
-
Maryland4 days agoFrigid temperatures to start the week in Maryland
-
Technology1 week agoThe Game Awards are losing their luster
-
South Dakota5 days agoNature: Snow in South Dakota
-
Nebraska1 week agoNebraska lands commitment from DL Jayden Travers adding to early Top 5 recruiting class
-
World1 week agoCoalition of the Willing calls for transatlantic unity for Ukraine