Vultur Malware Targeting Android Banking Customers

This attack is novel in that it relies on reading and recording a mobile device's screen or keylogging to steal a user's credentials rather than overlay attacks. Screen-reading and keylogging malware can be less a resource-intensive method than overlay attacks that mimic targeted banks' mobile app or mobile website log-in screens. The attack started with a malicious app published on the Google Play Store. While Google does seem to respond to alerts of malicious apps, that's no comfort to victims that have already been fleeced of their credentials or funds. A recent report from AV-TEST also showed that Google Play Protect, whose objective is to identify malware, placed last amongst its mobile security app peers. The key takeaway here is that developers/publishers of mobile apps that facilitate payments or other banking activities should not assume their apps and users are protected by the Android operating system or the Google Play Store alone. They need to take additional action with multiple layers of security including strong customer authentication and app shielding which when integrated into a mobile banking app, for example, will continuously monitor the app and shut it down if screenreading or keylogging activity, such as that executed by this Vultur malware, is detected.