Annoying new Android malware watches EVERYTHING you do on the screen

Recent articles

Android Malware Warning – Nasty New Software Keeps an Eye on Everything (Image: GOOGLE•GETTY)

Android fans are being warned about a devious form of malware that security experts have dubbed “Vultur”. The name fits well with this predatory new strain of malware, which can record everything that happens on your screen. That means everything from logins and passwords, entire internet history, banking information, and even your private text messages and social media activities are all logged.

Vultur is a banking trojan that takes a more complex approach than its peers. While other similar trojans use overlays to trick users into entering their account information – mistakenly assuming they are logging in to a legitimate website, Vultur uses screen recording and key logging instead.

So you log into the real websites, including your online banking and social media accounts, but the malware carefully notes everything you tap on the screen and everything you type. Yaks.

As security experts at Threat Fabric explained in a blog post, this is a more complex approach that requires more time and effort from threat actors. Researchers only discovered the Vultur malware in late March and said it was also distributed via the well-known Brunhilda dropper network.

READ MORE: The Very Simple Tip EVERY iPhone and Android User Should Know

Analysis revealed that droppers spread the Vultur malware in a Google Play Store app that has been downloaded thousands of times.

The app in question was ironically called Protection Guard and claimed to help Android users protect the security of banking and social accounts.

It has since been removed from the Google Play Store.

Speaking about the security risk, Threat Fabric said: “In late March 2021, ThreatFabric discovered a new RAT malware that we named Vultur because of its full visibility on the victims’ device via VNC. For the first time, we see an Android banking Trojan that uses screen recording and keylogging as main strategy to collect credentials in an automated and scalable way.

The actors chose to stay away from the usual HTML overlay strategy that we usually see with other Android banking Trojans: this approach usually requires more time and effort from the actors to steal relevant information from the user. instead, they chose to simply capture what is being shown on screen, essentially achieving the same end result.”

New Android malware discovered

Discovered New Android Malware Called Vultur (Image: THREATENING DUST)

Threat Fabric investigation also uncovered a list of apps targeted by Vultur. Many are based in Italy, Australia and Spain, while many crypto currency wallets have also been put in the crosshairs of bad actors.

According to Threat Fabric, the Virgin Money Credit Card app, the eToro Money app, and the Bitfinex app are among the Play Store apps that Vultur focuses on for screen recording.

While WhatsApp, Facebook, Messenger and TikTok are among the apps reportedly targeted by Vultur key registration.

Summarizing their findings, Threat Fabric said, “As financial institutions’ mobile channels continue to grow, mobile banking malware will only become more popular. In addition to a sharp increase in the volume of mobile malware targeting banking apps last and this year, mobile malware is becoming more sophisticated, enabling hard-to-detect large-scale attacks.

“This means financial institutions should consider preparing by better understanding the risk of their mobile-first strategy based on the current mobile threat landscape.”

Check all Technology News here: Gaming Ideology


I work as the Content Writer for Gaming Ideology. I play Quake like professionally. I love to write about games and have been writing about them for two years.

Leave a Reply