In the latest version of Vultur, the threat actors have added seven new C2 methods and forty-one new Firebase Cloud Messaging (FCM) commands. Most of the added commands relate to remote access functionality that uses Android’s Accessibility Services, allowing the malware operator to interact remotely with the victim’s screen more flexibly than with AlphaVNC and ngrok. Consult the full blog post for a comprehensive analysis of Vultur, beginning with an overview of its infection chain, followed by a deep dive into its new features, uncovering its obfuscation techniques and evasion methods, and examining its execution flow.