WhatsApp and Telegram are the most used instant messaging platforms in the world, with billions of users. Anything that can breach their security and read the encrypted chats straight up spells danger. The latest in that line is an Android banking trojan dubbed Sturnus, which can carry out credential theft and complete device takeover to conduct financial fraud. The most disturbing fact is that it can bypass encrypted messaging, posing a direct threat to WhatsApp, Signal, and Telegram, as ThreatFabric said in a report cited by The Hacker News. Sturnus can monitor communications in Telegram, Signal, and WhatsApp by capturing them directly from the device screen after decryption. That's not all: the trojan can also stage overlay attacks, placing fake login screens over banking applications to capture the victims' credentials. According to the Dutch smartphone security firm, Sturnus is privately operated and is currently in an evaluation stage. Artifacts distributing the banking malware pose as Google Chrome ("com.klivkfbky.izaybebnx") and Preemix Box ("com.uvxuthoq.noscjahae").
What's The Purpose Of Sturnus?
Sturnus has been designed to target financial institutions across Southern and Central Europe with region-specific overlays. The name reflects the malware's mixed communication pattern, which blends plaintext, RSA, and AES. ThreatFabric linked it to the European starling (Sturnus vulgaris), whose song consists of multiple whistles and which is popularly known as a vocal mimic. The malware contacts a remote server over HTTP channels and WebSocket to register the device and receive encrypted payloads in return. It also establishes a WebSocket channel that lets the threat actors interact with the compromised Android phone during Virtual Network Computing (VNC) sessions. Apart from stealing bank credentials, Sturnus also abuses Android's accessibility services, recording UI interactions and capturing keystrokes. The malware can also show a full-screen overlay that blocks all visual feedback and mimics the Android system update screen to give the impression that the software is updating while dubious tasks are carried out in the background. It can also harvest chat content from applications like WhatsApp, Telegram, and Signal whenever the victim opens any of those apps on the compromised device. ThreatFabric said, 'Until its administrator rights are manually revoked, both ordinary uninstallation and removal through tools like ADB are blocked, giving the malware strong protection against cleanup attempts.'
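A defender-side triage check, added here as an example (it is not ThreatFabric's code and not from the original article): it pulls the third-party package list, the enabled accessibility services and the device admins from a phone via adb, then flags the two package names named above, or any third-party app that holds both accessibility-service and device-admin rights, the combination the article describes. The adb commands are real; the exact `dumpsys device_policy` layout and the embedded sample output are assumptions, constructed so the script runs offline.

```python
import re
import subprocess

# Package names the article lists for Sturnus droppers posing as Google Chrome / Preemix Box.
KNOWN_PACKAGES = {"com.klivkfbky.izaybebnx", "com.uvxuthoq.noscjahae"}

def adb_shell(*args):
    """Run an adb shell command on a connected device and return its stdout (live use only)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True, text=True, check=True).stdout

def parse_packages(listing):
    """'pm list packages -3' prints one 'package:<name>' line per third-party app."""
    return {ln.split(":", 1)[1].strip() for ln in listing.splitlines() if ln.startswith("package:")}

def parse_accessibility(setting):
    """'settings get secure enabled_accessibility_services' prints 'pkg/cls:pkg2/cls2' or 'null'."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}

def parse_admins(dumpsys):
    """Pull 'pkg/cls' components out of 'dumpsys device_policy' (layout assumed; it varies by OS version)."""
    return set(re.findall(r"([A-Za-z][\w.]*)/[\w.$]+", dumpsys))

def triage(installed, accessibility, admins):
    """Two signals: a known dropper package, or a third-party app holding both an accessibility
    service and device-admin rights, the combination the article describes for Sturnus."""
    return {
        "known_packages": sorted(installed & KNOWN_PACKAGES),
        "a11y_and_admin": sorted(installed & accessibility & admins),
    }

# Constructed sample output, invented to exercise the parsers offline.
SAMPLE_PKGS = "package:com.whatsapp\npackage:com.klivkfbky.izaybebnx\npackage:org.telegram.messenger\n"
SAMPLE_A11Y = "com.klivkfbky.izaybebnx/.A11yService:com.android.talkback/.TalkBackService"
SAMPLE_ADMINS = "Enabled Device Admins (User 0):\n  com.klivkfbky.izaybebnx/.AdminReceiver:\n    uid=10234\n"

def run_sample():
    return triage(parse_packages(SAMPLE_PKGS), parse_accessibility(SAMPLE_A11Y), parse_admins(SAMPLE_ADMINS))

def run_live():
    """Same triage against a connected device (requires adb and USB debugging enabled)."""
    return triage(parse_packages(adb_shell("pm", "list", "packages", "-3")),
                  parse_accessibility(adb_shell("settings", "get", "secure", "enabled_accessibility_services")),
                  parse_admins(adb_shell("dumpsys", "device_policy")))

if __name__ == "__main__":
    print(run_sample())
```

A hit in `a11y_and_admin` is exactly the state the ThreatFabric quote describes, where uninstalling or removing via ADB fails until the admin right is revoked by hand in Settings.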
The Degree Of Damage It Can Do
The degree of damage Sturnus can cause is apocalypse-level from an Android smartphone user's perspective. It is not just spyware; it can serve you a spoofed screen where you enter your passwords without even realizing what's going on. The attackers will not only use it to steal data; their main aim is to drain your bank accounts.
As of now, the spread of the malware is limited, but no one knows how long that will last or how soon it could start spreading on a global level.
How To Stay Safe?
The key rule to stay safe from this kind of malware is to never (seriously, never) download an app from unverified sources. That cracked app you like for its premium features could be a playground for scammers. Always check whether the app you are installing is asking for a lot of permissions it probably doesn't need. Last but not least, keep the alerts for your banking apps on so that you know as soon as there is any activity.