Screen sharing courtesy of VNC mirrors device screens to attacker-controlled servers.
Dan Goodin - 7/30/2021
Recently detected Android malware, some spread through the Google Play
Store, uses a novel way to supercharge the harvesting of login
credentials from more than 100 banking and cryptocurrency
applications.
The malware, which researchers from Amsterdam-based security firm
ThreatFabric are calling Vultur, is among the first Android threats to
record a device screen whenever one of the targeted apps is
opened. Vultur uses a real implementation of the VNC screen-sharing
application to mirror the screen of the infected device to an attacker-controlled server, researchers with ThreatFabric said.
https://arstechnica.com/gadgets/2021/07/new-bank-fraud-malware-called-vultur-infects-thousands-of-devices/
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)