Description
New variants of the Medusa malware have been identified, specifically targeting Android users across seven countries. This development underscores the ongoing efforts by threat actors to expand their reach and enhance their attack strategies against mobile platforms.
Details
The latest versions of Medusa were detected in early June 2024. Medusa is a sophisticated malware with capabilities such as credential theft, keylogging, screen capturing, and remote control functionalities. According to Vumetric Cybersecurity, these new variants show significant advancements in evasion techniques and are designed to bypass traditional security measures on Android devices. The malware’s spread has been noted in countries including the United States, Canada, Germany, France, Australia, India, and Brazil.
BleepingComputer reported that the Medusa attack chain begins with phishing campaigns that distribute malicious APK files. These files are often disguised as legitimate applications or updates. Once installed, the malware can access sensitive information, intercept communications, and manipulate device functions. The new variants also exploit vulnerabilities in older versions of the Android operating system, making it crucial for users to keep their devices updated.
The 2024 version of Medusa includes new features such as enhanced obfuscation techniques, improved command-and-control (C2) infrastructure, and the capability to disable security applications on the infected device. These improvements make detection and removal more challenging and pose a significant risk to affected users.
Indicators of Compromise (IoCs)
Organizations should monitor for the following indicators of compromise:
Remediation
To mitigate the risk posed by Medusa, organizations can:
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
References