ShiftDelete.Net Global

New Android virus accesses WhatsApp messages!


Cybersecurity researchers have discovered a new malware targeting the Android ecosystem with highly advanced capabilities. Dubbed “Sturnus,” this banking Trojan bypasses the encryption shields of previously secure apps like WhatsApp, Signal, and Telegram by directly reading the device’s screen.

Cybercriminals’ attack techniques on mobile devices are becoming increasingly sophisticated and difficult to detect. According to a new report published by cybersecurity firm ThreatFabric, a new banking Trojan called Sturnus has been discovered targeting Android users. While still in development, this malware, which already exhibits extremely dangerous capabilities, poses a serious threat to users’ financial data and privacy.

The most frightening feature that distinguishes Sturnus from other malware is its ability to target end-to-end encrypted messaging apps, often considered “impenetrable.” Unlike traditional viruses, Sturnus doesn’t attempt to break the encryption; instead, it employs a much more subtle approach.

Sturnus works by abusing the Android operating system’s Accessibility Services, which are designed for users with disabilities. Once a user installs a malicious app and grants this permission, the virus gains full control over the device.

Normally, apps like WhatsApp, Telegram, and Signal encrypt your messages before transmitting them over the network. However, instead of listening to network traffic, Sturnus activates the moment a message is decrypted and displayed on the screen. Thanks to its keylogging and screen content reading capabilities, the malware records everything in the background while you read or write a message. This method effectively renders end-to-end encryption ineffective because the attacker obtains the data before it is encrypted or after it is decrypted.

Reading messages isn’t Sturnus’s primary purpose; financial fraud is. The malware can detect banking apps installed on the victim’s phone. When a user opens their bank app, Sturnus places a fake login window over the real app (an overlay attack). While the user thinks they’re logging into their bank’s app, they’re actually handing over their username and password directly to cybercriminals.

Researchers note that Sturnus’s capabilities aren’t limited to these. The software also allows cybercriminals to remotely connect to and manage the infected device using VNC (Virtual Network Computing). With this access, attackers can black out the device’s screen and perform background money transfers without the victim’s knowledge, read and delete SMS confirmation codes, and even disable security software.
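Because everything described above depends on an app holding the Accessibility permission, a defender can audit which apps have it. The following is an added example, not part of the original article or the ThreatFabric report: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and flags accessibility services from packages that are not allowlisted or did not come from a trusted store. The allowlist, the trusted-installer set, and the sample output are assumptions constructed for illustration.

```python
import re

# Assumptions for this example: what the auditor considers trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}                    # Google Play
ALLOWED_A11Y_PACKAGES = {"com.google.android.marvin.talkback"}  # TalkBack

def parse_a11y_services(setting_value):
    """Split the colon-separated 'package/ServiceClass' list into tuples."""
    value = setting_value.strip()
    if not value or value == "null":   # unset when no service is enabled
        return []
    services = []
    for component in value.split(":"):
        package, _, cls = component.partition("/")
        if package:
            services.append((package, cls))
    return services

def parse_installers(pm_output):
    """Map package name -> installer from 'pm list packages -i' lines."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(setting_value, pm_output):
    """Return accessibility services that deserve a manual review."""
    installers = parse_installers(pm_output)
    findings = []
    for package, cls in parse_a11y_services(setting_value):
        if package in ALLOWED_A11Y_PACKAGES:
            continue
        installer = installers.get(package)
        reason = ("sideloaded or unknown installer" if installer not in TRUSTED_INSTALLERS
                  else "not on accessibility allowlist")
        findings.append({"package": package, "service": cls, "installer": installer, "reason": reason})
    return findings

# Constructed sample output; com.example.flashlight is a made-up package name.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.flashlight/.HelperService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.whatsapp  installer=com.android.vending"""

if __name__ == "__main__":
    print(audit(SAMPLE_SETTING, SAMPLE_PM))
```

A flagged entry is a prompt for review, not proof of infection: legitimate password managers and automation tools also request this permission.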

To protect themselves from Sturnus and similar advanced Android malware, it’s crucial to strictly adhere to digital hygiene practices. Experts recommend the following:
