A new report by ThreatFabric discusses the recent Vultur malware, primarily used as a banking trojan on Android devices. Vultur continues two trends recently documented by Threat Watch. While currently used as a banking trojan, Vultur is in a fact a full Remote Access Trojan (RAT) granting complete access and control over a successfully infected device. In addition, Vulture uses a Virtual Network Computing (VNC) server to directly connect and record user actions on a device, instead of false login screens or other logging and strategies. Activity was most concentrated on cryptocurrency wallets and Italian, Spanish, and Australian banking institutions. Attacks occur via downloads of putative apps via the Google Play store; ThreatFabric has found some evidence of a connection between Vultur and the so-called Brunhilda dropper framework for Google Play Store, and proposes these are developed by the same malware group.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is