Medusa Malware Joins Flubot’s Android Distribution Network

Two powerful trojans with spyware and RAT capabilities are being delivered in side-by-side campaigns using a common infrastructure.

Flubot, the Android spyware that’s been spreading virally since last year, has hitched its infrastructure wagon up to another mobile threat known as Medusa.

That’s according to ThreatFabric, which found that Medusa is now being distributed through the same SMS-phishing infrastructure as Flubot, resulting in high-volume, side-by-side campaigns.

The Flubot malware (aka Cabassous) is delivered to targets through SMS texts that prompt them to install a “missed package delivery” app or a faux version of Flash Player. If a victim falls for the ruse, the malware is installed, which adds the infected device to a botnet. Then, it sets about gaining permissions, stealing banking information and credentials, lifting passwords stored on the device and squirreling away various pieces of personal information.

The malicious implant also sends out additional text messages to the infected device’s contact list, which allows it to “go viral” – like the flu.

Apparently, Medusa likes the cut of Flubot’s jib: “Our threat intelligence shows that Medusa followed with exactly the same app names, package names and similar icons,” ThreatFabric researchers noted in a Monday

Read More: https://threatpost.com/medusa-malware-flubot-android-distribution/178258/