WNYCyber is there to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet programmers who have to deal daily with cyber threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

New Vultur Malware Version Includes Enhanced Remote Control and Evasion Capabilities

Summary:
The latest Vultur updates introduce several significant changes, most notably enhanced remote control capabilities. The malware now abuses Android's Accessibility Services to interact with infected devices in response to commands delivered via Firebase Cloud Messaging (FCM). This lets the operator perform clicks, scrolls, swipe gestures, and other actions without maintaining a continuous connection to the device.

Additionally, Vultur now includes a file manager feature, giving the actor(s) greater control over infected devices: files can be downloaded, uploaded, deleted, installed, and located. Another notable feature is the ability to block the victim from interacting with specific apps. The operator supplies a list of apps to block; when one of them is detected in the foreground, the malware presses the Back button and displays either operator-supplied HTML or a default message.

Furthermore, Vultur has added new obfuscation and detection evasion techniques, including AES-encrypted, Base64-encoded HTTPS traffic and the use of legitimate package names to disguise malicious actions. Execution proceeds in multiple layers, with the malware delivered through a modified version of the legitimate McAfee Security app. Each layer performs specific functions, such as registering with the C2 server, obtaining Accessibility Service privileges, and installing the subsequent payloads.

Security Officer Comments: Of particular concern is Vultur's ability to remotely interact with infected devices without the need for a continuous connection, enhancing its stealth and persistence. This poses a serious threat to users' privacy and security, as malicious actors can execute a range of actions, including file manipulation and app blocking, with unprecedented ease.

Suggested Corrections:
To mitigate the threat posed by Vultur and similar Android malware, organizations should implement a multi-layered approach to cybersecurity. This includes deploying strong endpoint protection solutions capable of detecting and blocking malicious apps, regularly updating and patching devices to address known vulnerabilities, and educating users about the risks of downloading apps from untrusted sources.
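Because the remote-control capability described above depends on an app holding Accessibility Service privileges, one cheap device-side check an administrator can add is to audit which accessibility services are enabled and where their packages came from. The script below is an added example, not code from the original article or from NCC Group's research; the sample outputs are constructed and the allowlist entry, package names and exact `pm list packages -i` output format are assumptions for illustration.

```python
# Added example: audit enabled Android accessibility services and flag any that
# are not on an allowlist or whose package was not installed by the Play Store.
# Inputs are the raw values of
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
# (assumed formats: "pkg/Service:pkg/Service" and "package:<pkg>  installer=<x>").
from typing import Dict, List, Optional, Tuple

PLAY_STORE = "com.android.vending"

# Allowlist of approved services (assumption: example entry, not a vetted list).
APPROVED = {
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService",
}

# Constructed sample data: one legitimate service, one sideloaded unknown service.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakesec/com.example.fakesec.AccessSvc"
)
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakesec  installer=null
"""

def parse_enabled_services(raw: str) -> List[str]:
    """Split the settings value into package/service entries; 'null' means none."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [entry for entry in raw.split(":") if entry]

def parse_installers(pm_output: str) -> Dict[str, Optional[str]]:
    """Map package name -> installer package (None when sideloaded/unknown)."""
    installers: Dict[str, Optional[str]] = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        pkg, _, rest = line[len("package:"):].partition("installer=")
        inst = rest.strip()
        installers[pkg.strip()] = None if inst in ("", "null") else inst
    return installers

def audit(a11y_raw: str, pm_output: str, approved=APPROVED) -> List[Tuple[str, List[str]]]:
    """Return (service, reasons) for every enabled service that merits triage."""
    installers = parse_installers(pm_output)
    findings = []
    for entry in parse_enabled_services(a11y_raw):
        pkg = entry.split("/", 1)[0]
        reasons = []
        if entry not in approved:
            reasons.append("service not on allowlist")
        if installers.get(pkg) != PLAY_STORE:
            reasons.append(f"installer={installers.get(pkg)!r} (sideloaded or unknown)")
        if reasons:
            findings.append((entry, reasons))
    return findings

if __name__ == "__main__":
    for service, reasons in audit(SAMPLE_A11Y, SAMPLE_PM):
        print(service, "->", "; ".join(reasons))
```

An empty finding list does not prove a device is clean; it only shows that no unexpected service currently holds accessibility privileges, which is the precondition for the remote interaction the article describes.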

Link(s):
https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/