Information: We have used commission links in this article and marked them with “*”. If an order is placed through these links, t3n.de receives a commission.

This approach is new: hackers use Vulture malware to spy on the cell phone displays of affected people by recording it. The Trojan descends through the installation of an app on the user’s smartphone – they can hardly get the Vulture away from there.

A new malware is causing turmoil in Android-cosmosuniverse. Vulture spies on cell phone screens of users who have security guard app downloaded to keep. Trojan records screen data, ThreatFabric’s IT security researchers found malware in early March 2021. According to their report, Vultr is particularly interested in online banking and crypto wallet data. Users in Italy, Australia and Spain are particularly affected. HSBC and Santander banking apps have been spied on.

vulture is one remote-access-trojanerWhich enables third parties to access and control the smartphone remotely. The malware uses Virtual Networking Computing, or VNC for short, for this. In general, data can be called, saved and transmitted in this way. For remote access, the Trojan uses the Ngrok program, which enables remote access to the affected device’s VNC server. Using VNC also enables screen recording, which, according to ThreatFabric, falls under the term “remote screen sharing.” Plus, Vultr has access to accessibility services. Everything that the user puts into the apps the malware is interested in is recorded and saved by the intruding bot.

The use of screen recording in this context is particularly new. Previously the malware in this area basically recreated a website to prompt the user to enter their data. Instead, Vultr records data from the display and thus gains access to passwords, eg. This process is simpler than the usual website replication process till now.

Because of this process, security experts at ThreatFabric named the malware Vulture, which stands for Vulture. Like the bird of prey, the malware spies on unsuspecting users and thereby obtains their banking data, among other things.

In addition, the Protection Guard app, which introduced malware, cannot be easily removed. Vultur prevents users from reaching the point of being uninstalled by malware in their smartphone’s settings, which repeatedly takes the user back to the relevant menu. This means the affected people do not hit the uninstall button. To resolve this issue, Android users can go to “Device Management Apps” in Settings under the menu item “Security & Location” and remove the Security Guard app. It should be possible to deactivate then. This Connect. I get advice from colleaguesBut could not be verified.

You may also be interested in