Android Users: A new Android banking trojan has emerged that can steal your banking details by bypassing the end-to-end encryption of secure messaging apps like WhatsApp, Signal and Telegram. According to researchers at security firm ThreatFabric, the malware is called Sturnus and, despite still being in the testing stage, it is equipped with very dangerous capabilities.
Researchers say that Sturnus has already been set up to target many financial institutions in Southern and Central Europe, which clearly shows that preparations are underway to spread it on a large scale. It is considered more advanced than existing banking malware, and its communication system is also quite complex. The Trojan is named after a European bird, Sturnus vulgaris: like the bird's changing and irregular vocalization patterns, the malware constantly switches between simple and complex messaging protocols.
How does Sturnus attack?
This Trojan does not break encryption directly but instead misuses Android’s Accessibility Services feature. When the phone decrypts your messages, Sturnus reads them directly from the screen. That means it gets access to your incoming and outgoing messages, contact list and entire chat.
According to researchers, the malware starts scanning the app's UI tree as soon as the user opens WhatsApp, Signal or Telegram, so that the entire conversation can be monitored live. Additionally, it tries to get installed by disguising itself as a trusted app like Google Chrome or Preemix Box.
How does your money disappear?
Sturnus’ main goal is financial fraud and it steals banking data in two major ways.
Fake login screen
Sturnus shows a fake screen on top of your real banking app. You think you are logging into your bank, but in reality your username and password go directly to the hacker.
Black screen attack
When hackers want to remotely control your phone, they put a black overlay on the screen. The phone seems to be switched off, but at the same time hackers make transactions in the background and withdraw money without you even knowing.
Difficult to remove, also protects itself
Sturnus is built so that it does not allow itself to be removed from the phone. The malware avoids uninstallation by taking administrator access. It constantly monitors battery, network and sensor activity to determine whether it is being tracked by any security researcher. If you try to turn off its permissions or remove it, it automatically clicks the back button or closes the settings. Researchers have clearly warned that this Trojan monitors every situation on the device for its survival and adopts various techniques to remain active for a long time.
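A defender-side triage of an app inventory for the traits described above (an enabled accessibility service combined with administrator access, and a label that imitates a trusted app), as an added example that is not from ThreatFabric or the original article. The inventory rows, package names and the `triage` helper are constructed for illustration; the accessibility string follows the colon-separated `package/class` form printed by `adb shell settings get secure enabled_accessibility_services`.

```python
# Added example; inventory rows and package names are constructed sample data.
KNOWN_LABELS = {"google chrome": "com.android.chrome"}  # label -> genuine package
PLAY_STORE = "com.android.vending"

def parse_components(setting):
    """Package names from a colon-separated 'package/class' list
    (the setting reads 'null' or is empty when nothing is enabled)."""
    if not setting or setting.strip() == "null":
        return set()
    return {c.split("/", 1)[0] for c in setting.strip().split(":") if c}

def triage(inventory, a11y_setting, admin_components):
    """Return (package, reasons) for apps matching the pattern in the article."""
    a11y = parse_components(a11y_setting)
    admins = parse_components(":".join(admin_components))
    findings = []
    for app in inventory:
        pkg, reasons = app["package"], []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if pkg in admins:
            reasons.append("device administrator")
        expected = KNOWN_LABELS.get(app["label"].strip().lower())
        imitates = expected is not None and expected != pkg
        if imitates:
            reasons.append("label imitates " + expected)
        if app.get("installer") != PLAY_STORE:
            reasons.append("not installed by Play Store")
        # Flag a borrowed label, or accessibility and admin held together.
        if imitates or (pkg in a11y and pkg in admins):
            findings.append((pkg, reasons))
    return findings

SAMPLE_INVENTORY = [  # constructed
    {"package": "com.android.chrome", "label": "Google Chrome", "installer": PLAY_STORE},
    {"package": "com.example.updater", "label": "Google Chrome", "installer": None},
    {"package": "com.example.screenreader", "label": "Screen Reader", "installer": PLAY_STORE},
]
SAMPLE_A11Y = "com.example.updater/.Svc:com.example.screenreader/.Reader"
SAMPLE_ADMINS = ["com.example.updater/.AdminReceiver"]

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_INVENTORY, SAMPLE_A11Y, SAMPLE_ADMINS):
        print(pkg, "->", "; ".join(reasons))
```

A legitimate screen reader holds only the accessibility permission and is not flagged; the installer field is reported as context and never triggers a finding on its own, since preinstalled apps also lack a Play Store installer.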

