How the Medusa Banking Trojan Exploits Social Networks

When the Android banking malware known as Medusa first launched, it exclusively attacked users of Turkish banking entities; it now attacks banking entities in the US, Canada, and Europe.

Medusa opens the accessibility settings on a victim’s device and displays an alert requesting permissions. The malicious app keeps reopening the accessibility settings and displaying the alert until the permissions are granted. It also uses several social networks (including Telegram, ICQ, and Twitter) to store the address of the control server to which the trojan must connect.

Download our threat report How the Medusa Banking Trojan Exploits Social Networks to learn how this banking trojan:

  • sends commands to steal lists of contacts stored on an infected device
  • steals SMS messages to obtain one-time passcodes to authorize online banking transactions
  • shares an infected device’s screen with the attacker in real time.
