Sturnus: New Android Banking Trojan Targets WhatsApp, Telegram, Signal

The Android trojan Sturnus targets secure messaging apps like WhatsApp, Telegram, and Signal. It can steal banking credentials, remotely control devices, and bypass encrypted messaging by capturing on-screen content. The malware is still under development but is already targeting financial institutions in certain regions, indicating preparation for a broader campaign. Sturnus uses HTML overlays and accessibility-based keylogging to steal data and monitor user actions in real-time. It also employs screen mirroring and a fallback system for screen capture, ensuring full remote control of infected devices. The malware's sophisticated tactics include device administrator abuse and comprehensive environmental monitoring, making it a significant threat to financial security and privacy.

Latest mentioned: 11-20

Earliest mentioned: 11-20

Sources

gbhackers.com securityaffairs.com bleepingcomputer.com thehackernews.com therecord.media

Also Read

APT24 Uses BADAUDIO Malware in 3-Year Espionage Campaign

A threat actor known as APT24 has been using a previously undocumented malware called BADAUDIO to establish persistent remote access to compromised networks. The campaign, which has been ongoing for nearly three years, initially relied on broad strategic web compromises but has recently shifted to more sophisticated vectors, including supply chain attacks and targeted phishing campaigns. The malware is highly obfuscated and uses control flow flattening to resist reverse engineering. APT24 has compromised over 20 legitimate websites and a regional digital marketing firm to deliver BADAUDIO, which acts as a first-stage downloader capable of executing encrypted payloads from command and control servers.

11-21Read more →