From 9db5d181146627b299e543c009817a3f3704218a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20L=C3=B6hel?= <juergen.loehel@inlyse.com>
Date: Tue, 17 May 2022 14:16:21 -0500
Subject: [PATCH] chg: [android] Adds Vulture
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
---
 clusters/android.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/clusters/android.json b/clusters/android.json
index c8b24bb..232d31e 100644
--- a/clusters/android.json
+++ b/clusters/android.json
@@ -4653,7 +4653,18 @@
       },
       "uuid": "aef548fb-76f5-4eb9-9942-f189cb0d16f6",
       "value": "Razdel"
+    },
+    {
+      "description": "Vulture is an Android banking trojan found in Google Play by ThreatFabric. It uses screen recording and keylogging as main strategy to harvest login credentials.",
+      "meta": {
+        "refs": [
+          "https://www.threatfabric.com/blogs/vultur-v-for-vnc.html",
+          "https://twitter.com/_icebre4ker_/status/1485651238175846400"
+        ]
+      },
+      "uuid": "66026639-132f-436e-8348-1219714e9f62",
+      "value": "Vulture"
     }
   ],
-  "version": 20
+  "version": 21
 }