The Vultur malware disguises itself as a trusted mobile antivirus app to deceive users into downloading it. This enables it to steal login credentials through overlay attacks, especially against financial institutions, posing a serious threat to both traditional banks and cryptocurrency exchanges. Security researchers discovered malware campaigns distributing a malicious payload under the guise of a well-known security company's app. Although the initial infection method is unclear, evidence points to threat actors using deceptive tactics such as SMS messages or website redirections.

Vultur malware mimics mobile antivirus to steal login credentials

By creating fake user interface windows that overlay legitimate banking apps, Vultur tricks users into entering their login information, potentially compromising accounts at various financial entities. The malware operates from a domain controlled by threat actors, hinting at a coordinated effort to propagate the malware and infect users' devices. The cybersecurity community is advised to remain vigilant and use tools like WebPulse threat intelligence to block phishing attempts and protect against online threats from known malicious IPs and domains.
https://cybersecuritynews.com/vultur-malware-mobile-antivirus-scam/