<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<p>Hello,</p>
<p><br>
</p>
<p>I hope everyone is doing well!</p>
<p><br>
</p>
<p>Below is the entry for today.</p>
<p><br>
</p>
<p>07/30/2021 - Diary entry #316:</p>
<p><br>
</p>
<blockquote style="margin-top:0;margin-bottom:0">
<div style="margin-top: 0px; margin-bottom: 0px;">
<p>First identified in March 2021, Vultur is a Android Banking Trojan targeting several banking institutions from Australia, Italy and Spain. Instead of using HTML overlays to lure victims into give their credentials, this new strain has screen recording and
keylogging capabilities.</p>
<p><br>
</p>
<p>In order to record the victims' screen, this malware uses an implementation of the AlphaVNC to grant remote access to its operators. The screen recording starts when the victim access any app targeted by the attackers. This threat target list contains from
banking and cryptocurrency apps to social medias and messaging apps.</p>
<p><br>
</p>
<p>Vultur is installed by a dropper, known as Brunhilda, developed by the same threat group. Brunhilda was used in the past to install another trojan called Alien, covered in our Daily Diary #121. The Brunhilda infected around 30,000 devices through GooglePlay.
Google already removed all known apps containing the dropper. We expect new droppers deploying Vultur to appear again soon.</p>
</div>
</blockquote>
<p><br>
</p>
<p>Kind Regards,</p>
</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<table style="font-size:medium; font-family:"Times New Roman"">
<tbody>
<tr>
<td style="width:180px" align="left">
<table width="120" align="left">
<tbody>
<tr>
<td colspan="3" align="center"><a href="https://www.appgate.com/" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="120" height="30" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png"></a></td>
</tr>
<tr>
<td colspan="3" align="center"> </td>
</tr>
<tr>
<td width="37%" align="center"><a href="https://www.linkedin.com/company/appgate-security/" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="18" height="18" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png"></a></td>
<td width="28%"><a href="https://twitter.com/AppgateSecurity" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="20" height="18" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png"></a></td>
<td width="35%"><a href="https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ" target="_blank" rel="noopener noreferrer" style="margin:0px"><img style="margin:0px" width="26" height="18" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png"></a></td>
</tr>
</tbody>
</table>
<p style="margin-top:0px; margin-bottom:0px"> </p>
</td>
<td colspan="2" rowspan="2" style="width:350px">
<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
<strong>Felipe Tarijon de Almeida</strong><br>
Malware Analyst<br>
<strong>Appgate</strong></p>
<p style="color:rgb(12,12,12); font-size:13px; font-family:Arial,Helvetica,sans-serif; margin-top:0px; margin-bottom:0px">
E:<span style="margin:0px"> </span><font color="#228EBE"><a href="mailto:felipe.duarte@appgate.com" target="_blank" rel="noopener noreferrer" title="mailto:felipe.duarte@appgate.com" style="margin:0px">felipe.tarijon@appgate.com</a></font><br>
O:<span> </span><span style="margin:0px; background-color:white">+55 11 97467 9549</span></p>
</td>
</tr>
</tbody>
</table>
<br>
</div>
</div>
</div>
</div>
</body>
</html>