Medusa Reborn: Zimperium’s Robust Defense


For the past two years, Zimperium has released the Mobile Banking Heist Report, providing in-depth research on the latest malware families, new attack techniques, and the global impact of banking trojans. This ongoing research allows us to stay ahead of emerging threats and ensure comprehensive protection for our users.

On June 20th, 2024, Cleafy Labs reported a compact variant of the Medusa banking trojan, a sophisticated malware with improved capabilities and a lightweight permission set to avoid detection. The original research reported 65 unique applications as part of this malware campaign along with an infrastructure of command and control servers used by the threat actors.

Medusa’s new variant includes keylogging to capture keystrokes for data theft, screen control to allow threat actors to manipulate the device remotely, SMS read/write capabilities to intercept and manipulate messages, overlay attacks to display fake screens for credential theft, and remote uninstallation to remove apps and evade detection.

The malware targets various countries, including Turkey, Spain, France, and Italy, using social engineering and droppers to distribute itself through fake updates. These techniques highlight the increasing sophistication and adaptability of modern banking trojans.

Zimperium Mobile Threat Defense (MTD) and Mobile Runtime Application Self-Protection (zDefend) are powered by our patented dynamic detection engine. This engine detects 98% of the reported samples in a zero-day fashion. At the same time, our Web Content Filtering solution detects and blocks traffic to the command and control servers used by the threat actors.

Additionally, our continuous monitoring and threat intelligence updates ensure that we can swiftly adapt to new threats and provide real-time protection. Our proactive approach not only detects known threats but also identifies emerging patterns and behaviors indicative of new malware variants. 

Banking trojans keep evolving, presenting new challenges with their sophisticated capabilities and streamlined permissions. However, our mobile security solutions are equipped to detect and mitigate these threats effectively. By continuously updating our detection mechanisms and leveraging advanced behavioral analysis, we ensure comprehensive protection for our users against the latest threats.
