
New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages

The Android malware is in development and appears to be mainly aimed at users in Europe. The post New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages appeared first on SecurityWeek.


A new Android banking trojan named Sturnus is designed to target communications from secure messaging applications such as WhatsApp, Telegram, and Signal, according to mobile security and fraud detection company ThreatFabric.

The security firm says Sturnus is fully functional, but appears to be under development. While it has yet to be widely deployed, an analysis of the malware showed that it’s aimed at the customers of financial institutions in Central and Southern Europe.

Once it has infected a device, the malware can conduct overlay attacks to display fake bank login screens to trick victims into handing over their credentials. In addition, Sturnus enables cybercriminals to log keystrokes and allows them to remotely control the compromised device.

The malware is designed to gain administrator privileges on Android phones and monitors the victim’s activities to detect attempts to remove it from the device.

One noteworthy capability of Sturnus is related to the targeting of secure messaging applications. According to ThreatFabric researchers, the malware monitors foreground apps and initiates its malicious routines when the victim opens Telegram, WhatsApp, or Signal.

These types of secure messaging applications provide end-to-end encryption to protect user communications. However, this type of protection mechanism does not cover situations where the device has been completely compromised.

“Because it relies on Accessibility Service logging rather than network interception, the malware can read everything that appears on screen—including contacts, full conversation threads, and the content of incoming and outgoing messages—in real time,” ThreatFabric explained. 

“This makes the capability particularly dangerous: it completely sidesteps end-to-end encryption by accessing messages after they are decrypted by the legitimate app, giving the attacker a direct view into supposedly private conversations,” it added.
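Because the message capture described above depends on an enabled Accessibility Service, a device can be triaged by listing which user-installed apps hold that access. The following Python sketch is an added example, not code from ThreatFabric or SecurityWeek; the sample package names and the empty allowlist are constructed assumptions, and it reads the standard `enabled_accessibility_services` secure setting and `pm list packages -3` over adb.

```python
import subprocess

def parse_services(setting_value):
    """Split 'pkg/class:pkg/class' into (package, class) pairs."""
    value = (setting_value or "").strip()
    if value in ("", "null"):  # Android reports "null" when nothing is enabled
        return []
    pairs = []
    for component in filter(None, value.split(":")):
        package, _, cls = component.partition("/")
        if cls.startswith("."):  # leading dot: class name relative to the package
            cls = package + cls
        pairs.append((package, cls))
    return pairs

def parse_third_party(pm_output):
    """Package names from 'pm list packages -3' (user-installed apps only)."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def suspicious_services(setting_value, pm_output, allowlist):
    """Enabled accessibility services from user-installed apps not on the allowlist."""
    third_party = parse_third_party(pm_output)
    return [(pkg, cls) for pkg, cls in parse_services(setting_value)
            if pkg in third_party and pkg not in allowlist]

def adb_shell(*args):
    """Run a command on the attached device; requires adb and USB debugging."""
    return subprocess.run(["adb", "shell", *args],
                          capture_output=True, text=True, check=True).stdout

# Constructed sample input (hypothetical package names), used when no device is attached.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.updater/.CoreService")
SAMPLE_PM = "package:com.example.updater\npackage:org.example.passwordmanager\n"

if __name__ == "__main__":
    try:
        setting = adb_shell("settings", "get", "secure", "enabled_accessibility_services")
        packages = adb_shell("pm", "list", "packages", "-3")
    except (OSError, subprocess.CalledProcessError):
        setting, packages = SAMPLE_SETTING, SAMPLE_PM  # no device: fall back to the sample
    for pkg, cls in suspicious_services(setting, packages, allowlist=set()):
        print(f"review: {pkg} has accessibility service {cls} enabled")
```

A hit is a prompt for manual review, not a verdict: password managers and other legitimate apps also request accessibility access, which is what the allowlist is for.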
