Ongoing Medusa Campaign Targeting Android Device Users

Published on 26 Jun 2024

There are reports of an ongoing Medusa malware campaign targeting Android device users. The Medusa banking trojan, first discovered in 2020, has re-appeared after an extended period of low activity. The trojan has multiple capabilities, including keylogging, screen control, and SMS manipulation. It masquerades as a legitimate application, such as a fake Google Chrome browser, a 5G connectivity app, or a fake streaming app.

The campaign relies on SMS phishing (“smishing”) to get victims to sideload the malware through dropper applications. The trojan is able to read and inject keystrokes in any banking application running on the compromised device, allowing the operators to target any banking platform by overlaying phishing login forms to steal credentials.

In comparison to older variants, the latest Medusa variant requests a smaller set of permissions on the compromised device, but it still retains the ability to access the victim’s contact list and send SMS messages, both of which are key to the continued distribution of the malware.

Android users are advised to stay vigilant and adopt the following measures to protect their devices against malware:
  • Only install applications from the official Google Play Store. As an added precaution, check the developer information on the application listing, and only download applications developed and listed by the official developer.
  • Pay attention to the security permissions requested by the application and/or its privacy policy before downloading. Be wary of applications that ask for unnecessary permissions on your device.
  • Immediately uninstall any unknown applications found on your device.
  • Perform anti-virus scans and keep regular backups of important data.
  • Ensure that your devices’ operating systems and applications are updated regularly to be protected by the latest security patches.
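As an added defender-side check that is not part of this advisory, the script below applies the measures above to data an administrator can pull from a device: it lists third-party packages that were not installed from the Play Store and reports which of them hold the contact and SMS permissions the advisory calls out. The two inputs are constructed samples in the format of `adb shell pm list packages -3 -i` and of a "package permission" list derived from `adb shell dumpsys package <pkg>`; the package names and grants are invented for illustration.

```shell
#!/bin/sh
# Constructed sample of `adb shell pm list packages -3 -i` output (not from a real device).
# installer=com.android.vending means the Play Store installed it; anything else is sideloaded.
SAMPLE_PKGS='package:com.example.bank installer=com.android.vending
package:com.example.chrome.update installer=null
package:com.example.fivegboost installer=com.android.packageinstaller'

# Constructed sample of granted runtime permissions, one "package permission" pair per line,
# as an operator would extract from `dumpsys package <pkg>` (lines with granted=true).
SAMPLE_GRANTS='com.example.bank android.permission.INTERNET
com.example.chrome.update android.permission.READ_CONTACTS
com.example.chrome.update android.permission.SEND_SMS
com.example.fivegboost android.permission.READ_SMS'

# Permissions the advisory identifies as key to Medusa's continued distribution.
WATCH='android.permission.READ_CONTACTS android.permission.SEND_SMS android.permission.READ_SMS android.permission.RECEIVE_SMS'

# sideloaded_pkgs: print the package names whose installer is not the Play Store.
sideloaded_pkgs() {
  printf '%s\n' "$1" | awk '/^package:/ {
    sub(/^package:/, "", $1)
    if ($2 != "installer=com.android.vending") print $1
  }'
}

# flag_pkgs PKG_LIST GRANT_LIST: print "package permission" for every sideloaded
# package that holds one of the watched permissions.
flag_pkgs() {
  for p in $(sideloaded_pkgs "$1"); do
    for w in $WATCH; do
      if printf '%s\n' "$2" | grep -qxF "$p $w"; then
        printf '%s %s\n' "$p" "$w"
      fi
    done
  done
  return 0
}

# Run against the constructed samples; on a real device, feed in the adb output instead.
flag_pkgs "$SAMPLE_PKGS" "$SAMPLE_GRANTS"
```

Any package reported here should be reviewed against the developer information shown in its store listing and removed if it is not recognised.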
Members of the public may also refer to our joint advisory, The Dangers Of Downloading Applications From Third Party Or Dubious Sites.