Banking Trojan "Medusa" is Back to Steal Passwords and Cash - How to Stay Safe


A popular Android banking Trojan going dark is usually good news, but not this time.

As reported by BleepingComputer, the banking Trojan Medusa, which had been inactive for almost a year, is back with multiple campaigns targeting users of the best Android phones in the US, UK, Canada, France, Italy, Spain, and Turkey. It was resurrected in.

Medusa has been dangerous before, but these new variants require fewer permissions and include new features that make it easier for malware to commit fraud directly on compromised smartphones.

Here is everything you need to know about these new Medusa variants and how to protect yourself and your Android device from the banking Trojan.

According to a new report from online fraud management firm Cleafy, these new Medusa variants were first discovered last July in several campaigns that use SMS phishing (smishing) to get victims to sideload the malware via dropper apps.

In total, researchers identified 24 separate campaigns, five of which were attributed to botnets used to deliver malicious apps to unsuspecting users. Dropper apps used in these campaigns include a fake Chrome browser, a 5G connectivity app, and a fake streaming app called 4K Sports.

Since Medusa is malware-as-a-service, where hackers pay a subscription fee to deploy the banking Trojan, all of these campaigns and botnets connect to command and control (C2) servers that are managed centrally by the service's infrastructure.

To make the installation of the banking Trojan easier, Medusa's creators made it even smaller, requiring fewer permissions after installation. However, it still relies on Android's accessibility services in order to function.

Although 17 commands present in previous versions of this banking Trojan have been removed, it retains the ability to access victims' contacts and send text messages to spread itself further. At the same time, several new commands give these Medusa variants the ability to uninstall apps, draw over them, set black screen overlays, and take screenshots.

Of these, the screen overlay is particularly dangerous, as it can be used by a remote attacker to make it appear as if the infected smartphone is turned off while malicious activity is running in the background. Similarly, Medusa's screenshot feature provides hackers with an easy way to steal sensitive information, such as passwords, from infected devices.

We will keep an eye on this improved banking Trojan because its small size means that hackers using it can expand the scope of their attacks while targeting even more Android users.

The banking Trojan Medusa is often spread through dropper apps, so extra care should be taken when installing new apps on smartphones.

Sideloading apps may be convenient, but it is an easy way to get infected with nasty malware, especially if you are downloading APK files from unreliable sources. For this reason, you should stick to official Android app stores such as the Google Play Store, Amazon Appstore, and Samsung Galaxy Store.

At the same time, you also want to make sure that Google Play Protect is enabled on your Android phone, because Google Play Protect will scan all existing apps and new apps you download for malware. For even more protection, you may also consider using one of the best Android antivirus apps in parallel.
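As an added illustration (not from the article or Cleafy's report), the following shell script shows how a defender or helpdesk could review a device for the two conditions the advice above targets: apps not installed by an official store, and apps holding accessibility access, which the article notes Medusa still relies on. It parses constructed sample output of `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services`; the store installer package names and all package names in the samples are assumptions.

```shell
#!/bin/sh
# Constructed sample output (not from a real device) of:
#   adb shell pm list packages -i
PM_SAMPLE='package:com.android.chrome  installer=com.android.vending
package:com.example.fake5g  installer=null
package:com.example.sports4k  installer=com.android.packageinstaller
package:com.example.bank  installer=com.android.vending'

# Constructed sample output of:
#   adb shell settings get secure enabled_accessibility_services
A11Y_SAMPLE='com.example.sports4k/com.example.sports4k.A11yService:com.android.talkback/.TalkBackService'

# Installer package names of the official stores named in the article (assumed values):
# Google Play Store, Amazon Appstore, Samsung Galaxy Store.
TRUSTED_INSTALLERS='com.android.vending com.amazon.venezia com.sec.android.app.samsungapps'

# Print the package names whose recorded installer is not one of the trusted stores.
sideloaded_packages() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    [ -n "$line" ] || continue
    set -- $line                      # $1=package:<pkg>  $2=installer=<installer>
    pkg=${1#package:}; inst=${2#installer=}
    case " $TRUSTED_INSTALLERS " in
      *" $inst "*) ;;                 # installed from an official store
      *) printf '%s\n' "$pkg" ;;      # installer is null, the manual installer, or unknown
    esac
  done
}

# Print the package names that currently have an accessibility service enabled.
# The setting is a colon-separated list of <package>/<service>, or "null" when empty.
accessibility_packages() {
  [ "$1" != null ] || return 0
  printf '%s\n' "$1" | tr ':' '\n' | sed 's|/.*||' | sort -u
}

# Print packages that are both sideloaded and hold accessibility access:
# the combination a Medusa-style dropper needs, and the first thing to review.
suspicious_packages() {
  a11y=$(accessibility_packages "$2")
  sideloaded_packages "$1" | sort -u | while IFS= read -r pkg; do
    printf '%s\n' "$a11y" | grep -qFx "$pkg" && printf '%s\n' "$pkg"
  done
}

suspicious_packages "$PM_SAMPLE" "$A11Y_SAMPLE"
```

On a real device, replace the two sample strings with the live `adb shell` output and treat each reported package as a candidate for removal after review.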

Don't expect this particular threat to go away anytime soon, as banking Trojans can be quite lucrative for hackers to use in their attacks.
