Android Banking Trojan Sturnus Exploits Vulnerabilities in Southern Europe


Newly discovered malware, dubbed Sturnus, has been found targeting Android devices in Southern and Central European countries. This Android Banking Trojan is capable of accessing a user's banking credentials and reading their end-to-end encrypted chats on various instant messaging services.

What is Sturnus: The New Android Banking Trojan

The malware, discovered by MTI Security researchers, is known as Sturnus. It is an Android Banking Trojan that can replicate the login pages of various banking apps on a user's phone, forcing the user to log in and then stealing their banking credentials.

Capabilities of Sturnus

The malware grants extensive remote access to attackers, allowing them to observe all user activity. It also enables them to inject text without physical contact with the device, remotely black out screens to execute fraudulent transactions in the background, and capture screen images to read end-to-end encrypted messages.

Impact of Trojan Sturnus on End-to-End Encryption

Sturnus can bypass end-to-end encryption by capturing screen images of decrypted messages. This allows it to monitor communications conducted through WhatsApp, Telegram, and Signal, which all claim to have unbreakable encryption.

Targeting Regions and Attack Strategy

The researchers believe that Sturnus' makers are primarily targeting victims in Southern and Central European countries. The attackers are conducting short, intermittent attack campaigns, but the researchers warn that there could be large-scale and widespread attacks soon.

Google's Response to Sturnus

At this time, Google has not released a new security patch to fix the vulnerabilities being leveraged by the trojan. It is unclear when or if such a patch will be made available to users.

Conclusion

The discovery of Sturnus highlights the ongoing threat of malware targeting Android devices. As cyberattacks continue to evolve, it is essential for users to remain vigilant and take necessary precautions to protect their sensitive information. By staying informed about the latest threats and vulnerabilities, we can work together to prevent such attacks and maintain a secure online environment.
