The Medusa banking trojan for Android has resurfaced with more compact variants targeting multiple countries. The malware, also known as TangleBot, allows keylogging, screen controls, and SMS manipulation. Recent campaigns discovered by Cleafy involve lighter variants that require fewer permissions and include features like full-screen overlaying and screenshot capturing. These campaigns use smishing to distribute the malware through dropper apps like fake Chrome browsers and streaming apps. The malware's new variant reduces its footprint on devices and adds commands for uninstalling apps, taking screenshots, and updating user secrets. With the UEFA EURO 2024 championship underway, the timing of using a 4K Sports streaming app as bait is strategic. As the Medusa operation expands its reach and stealthiness, more sophisticated distribution strategies are expected from cybercriminals.