{ "name": "A New Compact Variant Discovered", "slug": "a-new-compact-variant-discovered", "description": "Security researchers at Cleafy Labs detected a resurgence of the Medusa banking trojan, which targets Android devices for on-device fraud. The new variant exhibits a lightweight permission set, expanded geographical targeting, and the adoption of droppers for distribution. It introduces capabilities like full-screen overlays and remote app uninstallation while removing some previous functionalities. The malware's evolving tactics, including minimizing permissions for stealth and experimenting with novel distribution methods, underscore its growing threat.", "published": "2024-06-26T06:23:44+00:00", "created_at": "2024-06-26T06:23:44+00:00", "modified_at": "2024-06-26T06:56:01+00:00", "created_at_opencti": "2024-06-26T06:23:44+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-06-26", "android", "fraud", "medusa", "tanglebot", "trojan" ], "related_entities": { "observables": [ { "id": "", "name": "http://icq.im/AoLH5bRXfAE6eCtbw1I" }, { "id": "", "name": "http://icq.im/AoLH58xYS0_leBOpXFI" }, { "id": "", "name": "http://icq.im/AoLH58pXY8ejJTQiWg8" }, { "id": "", "name": "unkunknunkkkkk.info" }, { "id": "", "name": "topisbim.top" }, { "id": "", "name": "tonyyyyyyyyyy.info" }, { "id": "", "name": "tonyttnnntnn1704.top" }, { "id": "", "name": "tonymayisayininfilancagunu.info" }, { "id": "", "name": "tony1303sock.top" }, { "id": "", "name": "pemmbebebebebebe.info" }, { "id": "", "name": "pembemayisayininfilancazamani.info" }, { "id": "", "name": "pembe1303sock.top" }, { "id": "", "name": "cincincintopcin.info" }, { "id": "", "name": "baahhhs21.info" }, { "id": "", "name": "bimtambir.top" }, { "id": "", "name": "a6a6a6a6a6a6a6.info" }, { "id": "", "name": "a4a4a4a.life" }, { "id": "", "name": "a2a2a2a.life" }, { "id": "", "name": "facefacefff08eee8e6b00169cfc2167c983d01875b0d6db73b1dc7daf967833" }, { "id": "", "name": "dceb5e86453f99781aa4235a2bffbb41f9d8fbae5d2077c285dba4625875ce1f" }, { "id": "", "name": "d42dba76fb069cd4fca3ce93f765b4c14c31d1b8945d5823238ee40f6acb9822" }, { "id": "", "name": "f6ad2b1491d19aad9c63d5792b2e80e4deb4424cdfca564a406b891b03f7d76a" }, { "id": "", "name": "cc896cb8dafdeb318cd52f315f3de5bab0bafaf998522251d8e751bae54e513a" }, { "id": "", "name": "cab45bce0ee5e2a8e8a9dc5059ea1d7622e4cab33ee218794ad694b57cc0704e" }, { "id": "", "name": "c7e626f0662c60e1daecd9512240b32cf1a913d51db0d8c5b166123cc64e017f" }, { "id": "", "name": "c22230c33b8217036d4e4262d02f85c1e16b140f288d0417b223961e28fb2d19" }, { "id": "", "name": "a31d747aab691de759644314ec22da5aca765be4117879f76e1d79e3268d2372" }, { "id": "", "name": "a2c2874cac9dffa7451be8b25a33e93ab55be825c7bc65ac98c9103d743e890a" }, { "id": "", "name": "94c28a9d03ad9f5c3ce2f025c654b65ce3f43af65df09eb068d2137c70c154a7" }, { "id": "", "name": "9fa18e32f68dd75edddebbd509bc48e6056290252de01da5a18fe61c18fa2759" }, { "id": "", "name": "8b868f57e972f57d444ad9feca3936a4266032d7df1eb4e950dfcbb3e296a58a" }, { "id": "", "name": "7df2065c5c7494db559e668bc9b962c6e16d5445dfe1fb2e4fa05e3fb5dcfd1c" }, { "id": "", "name": "80c850c0f57bb866a99635ab8b15f87a0c99e99667dbc9d0d5f244a87383af3b" }, { "id": "", "name": "6da981a4ae1ae164d76df4805d37227a0a91c1fcb12f3efc70a5186c9302d379" }, { "id": "", "name": "68b56ef06b2c9403ade11bebef939fa4e754f44647cd2e313355568f87739942" }, { "id": "", "name": "682f48c68cc32f53ab3111820647c2a4debe4f6447059faf1d4343ea1f15dd38" }, { "id": "", "name": "6b8aaa3314e8071f8ee284df803e7a1684422e5140303531be6476959a3dfbb8" }, { "id": "", "name": "681973fbeec6783dc11e0549b6ea497d17021ad20a15b69cebe194ffac9d3b17" }, { "id": "", "name": "543b2efb7561f0dd916410cbabf82976361eed4c0bfa2e1e5ce252880de1b9ca" }, { "id": "", "name": "4e37b5f6848f1f02207a05979a3a792ebda141acd69b494e91910f915e35158b" }, { "id": "", "name": "414ea005199ba221c0048a4a7c544ae3e0891c9fe1634bbfc0cd6f3938b5f029" }, { "id": "", "name": "31c3ab369dde010911618deae72a63b85f60f684b155d807795025b412e2f033" }, { "id": "", "name": "39c6709dd65dcce3f15291f9aa373d0094294342631720f8c546cc72b177f195" }, { "id": "", "name": "29e2e7eb8ce83956f571358f42fa7807d3db7a376264372c6923c553b0010c08" }, { "id": "", "name": "24298685c619fefaae3dee45b139591e82aa7e85b6509699cf58d6cfc38502e5" }, { "id": "", "name": "219027932b7e10b24e89705dc1525f61c4dbbf18f2616c202f25d8f2995883a0" }, { "id": "", "name": "20347b60b96a6d0319fa3619057099949f375b51c7a269d1c9f628bfef4786da" }, { "id": "", "name": "17abb4094366eea7c72cba4cef10c7494d7b2e57c5e591176edbd93d9ad34757" }, { "id": "", "name": "0dabb2a8ef0e0171ea67507fc8d4ebde45ec02aae56b94c1e6a73e0ce4a4089a" }, { "id": "", "name": "031755a2a743c89801898802726f42e3ec1803f54100223dd6d12a0fe6dadab1" } ], "malware": [ { "id": "legacy:malware:67620d69e2856c40", "name": "TangleBot", "slug": "tanglebot" }, { "id": "legacy:malware:7209e12ecf01afc4", "name": "Medusa", "slug": "medusa" } ], "intrusion_sets": [ { "id": "173b3c2c-c666-4e5b-b97b-f37b710e9e17", "name": "Medusa", "slug": "medusa" } ], "attack_patterns": [ { "id": "fd6a3ae8-f3af-41a6-9292-09912a059105", "name": "T1558.003" }, { "id": "9f21708c-24b6-46b5-bf7e-522256e8470c", "name": "T1552.004" }, { "id": "f0737574-d089-4a2e-8d65-12351366026f", "name": "T1592.003" }, { "id": "bf00a05b-873c-4341-9d91-0aa52b28def2", "name": "T1592.001" }, { "id": "6c31e3ae-7a24-4c3b-8a2a-f769c351a2af", "name": "T1568.002" }, { "id": "88fd8eb3-cc2d-4ff0-92ff-d047dafc7855", "name": "T1592.002" }, { "id": "ea8c69fc-e735-4ded-8480-4c3564beace6", "name": "T1589.001" }, { "id": "747c7b95-79ff-4132-8ea5-397cb6665ebd", "name": "T1498" } ], "others": [ { "id": "", "name": "Spain" }, { "id": "", "name": "Italy" }, { "id": "", "name": "Canada" }, { "id": "", "name": "France" }, { "id": "", "name": "United States of America" }, { "id": "", "name": "financial" } ] }, "external_refs": [ "https://www.cleafy.com/cleafy-labs/medusa-reborn-a-new-compact-variant-discovered", "https://otx.alienvault.com/pulse/667bd010511c7d2bf93bd475" ] }