Since its emergence in 2020, Medusa has expanded its geographic target range significantly. Initially focusing on Turkish financial institutions, it rapidly broadened its scope by 2022 to include major campaigns in North America and Europe. The latest variant of Medusa has been detected targeting Android users in countries like the U.S., Canada, Spain, France, Italy, the U.K., and Turkey.
The updated Medusa Trojan requests fewer permissions to avoid detection. It still asks for Accessibility Services, which is a red flag. Additionally, it requests Broadcasting SMS, Internet, Foreground Service, and Package Management permissions.
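The permission set described above can be checked during app vetting. The following is an added example, not code from the original report: it flags a decoded `AndroidManifest.xml` only when an accessibility service is declared together with all four permission groups. The mapping from the names in the text to Android manifest constants is an assumption, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Assumption: manifest constants chosen to stand for the permission names in the text.
GROUPS = {
    "android.permission.BROADCAST_SMS": "sms",
    "android.permission.INTERNET": "internet",
    "android.permission.FOREGROUND_SERVICE": "foreground_service",
    "android.permission.REQUEST_INSTALL_PACKAGES": "package_management",
    "android.permission.REQUEST_DELETE_PACKAGES": "package_management",
    "android.permission.QUERY_ALL_PACKAGES": "package_management",
}
REQUIRED = set(GROUPS.values())
BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACTION = "android.accessibilityservice.AccessibilityService"

def triage_manifest(manifest_xml):
    """Flag a manifest that pairs an accessibility service with every group above."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    groups = {GROUPS[p] for p in requested if p in GROUPS}
    services = [
        s.get(A + "name") for s in root.iter("service")
        if s.get(A + "permission") == BIND
        or ACTION in {a.get(A + "name") for a in s.iter("action")}
    ]
    return {
        "package": root.get("package"),
        "accessibility_services": services,
        "missing_groups": sorted(REQUIRED - groups),
        "flag": bool(services) and REQUIRED <= groups,
    }

def _manifest(package, permissions, service):
    # Builds a constructed sample manifest; not taken from any real app.
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in permissions)
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        'package="%s">%s<application><service android:name="%s" '
        'android:permission="%s"><intent-filter><action android:name="%s"/>'
        '</intent-filter></service></application></manifest>'
    ) % (package, uses, service, BIND, ACTION)

SUSPECT = _manifest("com.example.constructed.update", list(GROUPS)[:4], ".OverlayService")
BENIGN = _manifest("com.example.constructed.reader", ["android.permission.INTERNET"], ".ReaderService")

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

The input is the text manifest produced by an APK decoder such as apktool. An accessibility service on its own is not flagged, since legitimate assistive apps declare one too.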
The Medusa Trojan, a Turkish-linked banking malware, initially targeted financial institutions in Turkey but rapidly expanded its scope to North America and Europe. Since its resurgence in 2023, the upgraded variant has been targeting Android users worldwide, including in the U.S., Canada, Spain, France, Italy, the U.K., and Turkey. The Trojan's impact includes significant monetary harm and the theft of sensitive banking credentials, leading to on-device fraud activities. Cybercriminals continue to exploit Android's Accessibility Services to bypass security measures and gain control over compromised devices, making it a dangerous threat to financial institutions and users alike.