The Android banking trojan known as Vultur has resurfaced with a suite of new features and improved anti-analysis and detection evasion techniques, enabling its operators to remotely interact with a mobile device and harvest sensitive data.
“Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions,” NCC Group researcher Joshua Kamp said in a report published last week.
Vultur was first disclosed in early 2021, with the malware capable of leveraging Android’s accessibility services APIs to execute its malicious actions.
