Two powerful forms of Android malware are being spread in attacks which share the same infection tactics and delivery infrastructure.
Detailed by cybersecurity researchers at ThreatFabric, the campaigns involve FluBot malware – also known as Cabassous – and another Android banking trojan, Medusa.
FluBot is one of the most notorious forms of Android malware, which steals passwords, bank details and other sensitive information from infected smartphones.
It also gains access to contact books in order to spread itself to other victims via malicious SMS messages, which are often designed to look like an alert about a missed package delivery. FluBot is so prolific that national cybersecurity agencies have issued warnings about it.
The success of FluBot has also been noticed by other cyber criminals, to the extent that those behind Medusa – which is designed to steal sensitive information via keylogging, taking screenshots and collecting data about how the phone is used – have copied its techniques for spreading their malware.
Medusa campaigns have been seen using the same app names, package names and similar icons used in successful FluBot campaigns, including one which delivers links to malware in messages which claim to come from DHL.
But Medusa campaigns don’t just