Android owners warned of ‘Medusa’ attack that raids bank accounts targeting UK and US users – look out for 3 danger apps

BRITS and Americans have been warned of a vicious banking attack targeting Android users.

Dubbed “Medusa”, the campaign allows cyber thieves to raid accounts using sneaky tactics without the phone’s owner realising.

Users once again warned of downloading apps outside official app stores


Users once again warned of downloading apps outside official app storesCredit: Getty

Medusa has been around for sometime but experts have detected a new variant of it.

First uncovered in July 2020, the malware – also known as TangleBot – is capable of reading sensitive text messages, keeping tabs on the buttons you press, taking screenshots and recording phone calls to ultimately get hold of your bank account details.

This latest version goes a step further, with the ability to display a full-screen overlay, according to cybersecurity firm Cleary.

Doing so shows a black screen fooling victims into thinking their device is powered off when actually hackers could be getting to work.

“While the exact purpose remains under investigation, this functionality presents a potential threat: by obscuring the underlying screen content, the attacker can use this overlay to mask other malicious activities,” Cleary explained.

The attack has not only been targeting Android users in the UK and US, but also Canada, France, Italy, Spain and Turkey.

Hackers have come up with the sneaky idea of requesting fewer but more essential permissions.

“The latest Medusa variant demonstrates a strategic shift towards a lightweight approach,” Cleary continued.

Most read in Phones & Gadgets

“Minimising the required permissions evades detection and appears more benign, enhancing its ability to operate undetected for extended periods.”

Medusa usually relies on phishing tricks to spread malware.

Google reveals clever trick to prevent thieves from emptying your accounts on the Android 15

But it’s increasingly been detected in so-called dropper apps, which are downloaded from untrusted sources outside of the Google Play Store.

These can sometimes appear in “smishing” attacks, which are fake SMS messages designed to trick you into installing something on your phone.

Among the dubious apps found to be distributing Medusa this time round are fake Google Chrome and 5G connectivity apps, as well as a sketchy streaming app called 4K Sports.

How to spot a dodgy app

Detecting a malicious app before you hit the ‘Download’ button is easy when you know the signs.

Follow this eight-point checklist when you’re downloading an app you’re unsure about:

  1. Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
  2. Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
  3. Check the number of downloads – avoid apps with only several thousand downloads, as it could be fake.
  4. Research the developer – do they have a good reputation? Or, are totally fake?
  5. Check the release date – a recent release date paired with a high number of downloads is usually bad news.
  6. Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
  7. Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
  8. Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions the icons from legitimate apps.

All of this information will available in both Apple’s App Store and the Google Play Store.