Vultur banking malware, sent via SMS, records and controls Android system screens

Even with Google’s efforts to improve the security of the Android operating system, malware comes and goes. The Vultur trojan is an example of them.

Discovered by ThreatFabric in 2021. It initially targeted steal user banking details in many countries. Over time, its creators updated it, making it even more dangerous.

Recently, the NCC Group discovered that Vultur can take control of infected devices, display custom notifications, bypass lock screen protections and make it difficult to launch other previously installed applications. Additionally, malware can now download and upload files, perform installations, search and delete documents, and avoid detection through encrypted methods.

Vultur infection often begins with a Smishing message, a fraudulent SMS. For example, scammers may send a message pretending to be from the Post Office, asking to reschedule the delivery of a package. They then ask the victim to call a specific number to resolve an alleged unauthorized banking transaction. During the call, the scammers try to convince the victim to install a security application.

This app is actually a dropper called Brunhilda, which downloads Vultur via a series of payloads. These scams are based on social engineering, creating a situation of urgency to induce the victim to act quickly, how to resolve an unauthorized bank transaction.

To protect yourself, it is important not to click on suspicious links in SMS and not to download applications outside of official stores. Another tip is, when dealing with urgent situations, go directly to the company’s website in question and contact customer service for clarification before proceeding. Prevention and knowledge of cybercriminals’ tactics are essential to protect our devices and personal data.