Android banking Trojan evolves to evade detection and strike globally

How has the geographic target range of Medusa expanded since 2020?

Since its emergence in 2020, Medusa has expanded its geographic target range significantly. Initially focusing on Turkish financial institutions, it rapidly broadened its scope by 2022 to include major campaigns in North America and Europe [3]. The latest variant of Medusa has been detected targeting Android users in countries like the U.S., Canada, Spain, France, Italy, the U.K., and Turkey.

What are the new permissions requested by the updated Medusa Trojan?

The updated Medusa Trojan requests fewer permissions to avoid detection [3]. It still asks for Accessibility Services, which is a red flag. Additionally, it requests Broadcasting SMS, Internet, Foreground Service, and Package Management permissions.
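
Because the variant keeps its permission list short, counting permissions will miss it; the combination is what matters. The following is an added example (not from the original page or from any vendor tooling) that triages a decoded AndroidManifest.xml for an accessibility service together with the permissions named above. The mapping from the page's labels to Android manifest names, the function name and both sample manifests are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Page label -> Android manifest names. This mapping is the example's
# assumption; the page gives only the labels.
PAGE_PERMISSIONS = {
    "Broadcasting SMS": {P + "BROADCAST_SMS"},
    "Internet": {P + "INTERNET"},
    "Foreground Service": {P + "FOREGROUND_SERVICE"},
    "Package Management": {P + "QUERY_ALL_PACKAGES",
                           P + "REQUEST_DELETE_PACKAGES",
                           P + "DELETE_PACKAGES"},
}

def triage_manifest(manifest_xml):
    """Flag a manifest that declares an accessibility service and also
    requests every permission group listed on the page."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # An accessibility service is a <service> guarded by this bind permission.
    a11y = [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"]
    matched = sorted(k for k, v in PAGE_PERMISSIONS.items() if v & requested)
    return {"package": root.get("package"),
            "accessibility_services": a11y,
            "matched": matched,
            "flag": bool(a11y) and len(matched) == len(PAGE_PERMISSIONS)}

def _manifest(package, service, perms):
    """Build a constructed sample manifest (not taken from a real app)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            f' package="{package}">{uses}<application>'
            f'<service android:name="{service}"'
            f' android:permission="{P}BIND_ACCESSIBILITY_SERVICE"/>'
            f'</application></manifest>')

# Constructed samples: a dropper-style "updater" and an ordinary screen reader.
SUSPECT = _manifest("com.example.updater", ".A11y",
                    ["BROADCAST_SMS", "INTERNET", "FOREGROUND_SERVICE",
                     "REQUEST_DELETE_PACKAGES"])
BENIGN = _manifest("com.example.reader", ".Reader", ["INTERNET"])

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

A flagged result is a reason to look closer at the app, not a verdict: legitimate accessibility tools also bind this service.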

How has the Medusa Trojan impacted financial institutions globally?

The Medusa Trojan, a Turkish-linked banking malware, initially targeted financial institutions in Turkey but rapidly expanded its scope to North America and Europe [13]. Since its resurgence in 2023, the upgraded variant has been targeting Android users worldwide, including in the U.S., Canada, Spain, France, Italy, the U.K., and Turkey. The Trojan's impact includes significant monetary harm and the theft of sensitive banking credentials, leading to on-device fraud activities. Cybercriminals continue to exploit Android's Accessibility Services to bypass security measures and gain control over compromised devices, making it a dangerous threat to financial institutions and users alike.