A new variant of the Medusa malware family was discovered disguised as a "4K Sports" app. It shows changes in command structure and capabilities compared with previous versions, which researchers believe are aimed at improving efficiency and strengthening the botnet. The malware-as-a-service (MaaS) model used by Medusa allows the code to be adapted to the needs of its customers, for example new affiliates seeking less detectable variants to target previously unexplored regions.

The Medusa banking Trojan, first discovered in 2020, grants attackers remote access to devices through VNC and accessibility services, allowing them to perform real-time screen sharing, steal keystrokes, and launch overlay attacks for on-device fraud (ODF) such as account takeover (ATO). Medusa communicates with the attacker's C2 server through a WebSocket connection, fetching the C2 URL dynamically from social media platforms such as Telegram for obfuscation and resilience against takedowns.
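The dead-drop pattern described above (an app fetches a public Telegram page, then opens a WebSocket to whatever address it found there) leaves a correlatable trace in per-app network telemetry. The following detection sketch is an added example, not code from the original article or from the researchers; the event format, package names and the 203.0.113.7 address are constructed for illustration.

```python
"""Flag apps that fetch a social-media dead drop and then open a WebSocket
to an unfamiliar host shortly afterwards (Medusa-style C2 resolution)."""
from datetime import datetime, timedelta

# Public pages commonly abused as C2-address dead drops (assumption: extend as needed)
DEAD_DROP_HOSTS = {"t.me", "telegram.me"}
# How long after the dead-drop fetch a WebSocket upgrade is still considered related
WINDOW = timedelta(seconds=120)

# Constructed per-app network events: (ISO timestamp, package name, destination host, event type)
SAMPLE_EVENTS = [
    ("2024-06-01T10:00:00", "com.example.sports4k", "t.me", "http_get"),
    ("2024-06-01T10:00:03", "com.example.sports4k", "203.0.113.7", "ws_upgrade"),
    ("2024-06-01T10:05:00", "org.telegram.messenger", "t.me", "http_get"),
    ("2024-06-01T10:30:00", "com.example.news", "api.example.com", "ws_upgrade"),
]


def parse_event(row):
    """Convert one raw tuple into (datetime, package, host, event)."""
    ts, pkg, host, event = row
    return datetime.fromisoformat(ts), pkg, host, event


def find_dead_drop_c2(events, known_ws_hosts=frozenset()):
    """Return (package, dead_drop_host, ws_host) triples worth triaging.

    A hit requires, for the same package: an HTTP GET to a dead-drop host
    followed within WINDOW by a WebSocket upgrade to a host that is not in
    the caller's allowlist of expected WebSocket endpoints.
    """
    last_fetch = {}  # package -> (timestamp, dead-drop host) of its latest fetch
    hits = []
    for ts, pkg, host, event in sorted(map(parse_event, events)):
        if event == "http_get" and host in DEAD_DROP_HOSTS:
            last_fetch[pkg] = (ts, host)
        elif event == "ws_upgrade" and host not in known_ws_hosts:
            fetched = last_fetch.get(pkg)
            if fetched and ts - fetched[0] <= WINDOW:
                hits.append((pkg, fetched[1], host))
    return hits


if __name__ == "__main__":
    for pkg, drop, c2 in find_dead_drop_c2(SAMPLE_EVENTS):
        print(f"{pkg}: resolved C2 {c2} via dead drop {drop}")
```

The legitimate Telegram client fetches t.me without a following WebSocket, and the news app's WebSocket has no preceding dead-drop fetch, so only the disguised app is reported.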
Source: GBHackers