All UK and US Android owners warned of 'Medusa' attack that raids bank accounts

26 June 2024, 10:54
Ensure you've not downloaded any of the fake apps mentioned

BRITS and Americans have been warned of a vicious banking attack targeting Android users.

Dubbed "Medusa", the campaign allows cyber thieves to raid accounts using sneaky tactics without the phone's owner realising.

Users once again warned of downloading apps outside official app stores. Credit: Getty

Medusa has been around for some time, but experts have detected a new variant of it.

First uncovered in July 2020, the malware - also known as TangleBot - is capable of reading sensitive text messages, keeping tabs on the buttons you press, taking screenshots and recording phone calls to ultimately get hold of your bank account details.

This latest version goes a step further, with the ability to display a full-screen overlay, according to cybersecurity firm Cleafy.

The overlay shows a black screen, fooling victims into thinking their device is powered off when hackers could actually be getting to work.

"While the exact purpose remains under investigation, this functionality presents a potential threat: by obscuring the underlying screen content, the attacker can use this overlay to mask other malicious activities," Cleafy explained.

The attack has not only been targeting Android users in the UK and US, but also Canada, France, Italy, Spain and Turkey.

Hackers have come up with the sneaky idea of requesting fewer but more essential permissions.

"The latest Medusa variant demonstrates a strategic shift towards a lightweight approach," Cleafy continued.

"Minimising the required permissions evades detection and appears more benign, enhancing its ability to operate undetected for extended periods."

Medusa usually relies on phishing tricks to spread malware.

But it's increasingly been detected in so-called dropper apps, which are downloaded from untrusted sources outside of the Google Play Store.

These can sometimes appear in "smishing" attacks, which are fake SMS messages designed to trick you into installing something on your phone.

Among the dubious apps found to be distributing Medusa this time round are fake Google Chrome and 5G connectivity apps, as well as a sketchy streaming app called 4K Sports.

Jamie Harris
