A trojanized version of the McAfee app is installing the Android banking Trojan “Vultur”, according to researchers. The threat actors employ a hybrid attack using two SMS messages and a phone call in order to spread links to the malicious app and deceive unsuspecting individuals into installing the malware.
First, the victim will receive an SMS message instructing them to call a number if they did not authorize a transaction involving a large amount of money. This transaction didn’t actually occur, but it will create a false sense of urgency to trick the victim into acting quickly. If the victim does call the number, they will receive another text with a link to a malicious version of the McAfee Security app, and this will install the Vultur malware.
The application is actually Brunhilda dropper; this will look benign to the victim, but in reality it will decrypt and execute a total of 3 Vultur-related payloads in order to give the threat actors total control over the victim’s mobile device. This version of Vultur also has new features making it harder to detect. Visit here to learn more about the latest attack, and how to keep yourself safe against these types of attack.