Medusa can also log the keys you type, control the screen, and manipulate text messages. It also captures screenshots and places overlays across the full screen to trick potential victims. As BleepingComputer says, “Overall, the Medusa mobile banking trojan operation appears to expand its targeting scope and be getting stealthier, laying the ground for more massive deployment and higher number of victim counts.” The current campaigns are targeting users of the best Android phones in the aforementioned countries.
Medusa uses full-screen overlays to trick the victim into thinking his phone is off. Image credit: Cleafy
Luckily, none of the dropper apps used to distribute the malware have been spotted in the Google Play Store; one could make the case that Medusa was allowed to drain financial accounts of Android users because Android allows users to sideload apps. More worrisome is that Cleafy sees more cybercriminals joining this Android malware-as-a-service (MaaS) operation, which allows newer and harder-to-detect ways of distributing the malware to be discovered and created. A MaaS operation is one in which the hacker pays a fee for using the trojan.
When you think about the ways that Medusa can take a screenshot of your phone, read your keystrokes, or use overlays on the screen to trick you into typing your password where it doesn’t belong, this is a serious threat that security firms need to continue to monitor. An overlay can also turn your phone’s screen black, leaving you thinking that your phone is off while nefarious actions are taking place in the background.