[MART] - Daily Diary #316 - Vultur, a New Android Banking Malware

CTAS-MAT ctas-mat at appgate.com
Fri Jul 30 22:20:00 UTC 2021


I hope everyone is doing well!

Below is the entry for today.

07/30/2021 - Diary entry #316:

First identified in March 2021, Vultur is a Android Banking Trojan targeting several banking institutions from Australia, Italy and Spain. Instead of using HTML overlays to lure victims into give their credentials, this new strain has screen recording and keylogging capabilities.

In order to record the victims' screen, this malware uses an implementation of the AlphaVNC to grant remote access to its operators. The screen recording starts when the victim access any app targeted by the attackers. This threat target list contains from banking and cryptocurrency apps to social medias and messaging apps.

Vultur is installed by a dropper, known as Brunhilda, developed by the same threat group. Brunhilda was used in the past to install another trojan called Alien, covered in our Daily Diary #121. The Brunhilda infected around 30,000 devices through GooglePlay. Google already removed all known apps containing the dropper. We expect new droppers deploying Vultur to appear again soon.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 11 97467 9549

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20210730/1ef3a85d/attachment.htm>

More information about the MART mailing list