
If you use an Android smartphone, there is big news for you. A major threat has emerged for Android users. According to cyber security reports, a new Android banking Trojan, Sturnus, is increasingly targeting banking apps and is capable of stealing users’ login details. It can also read chats in end-to-end encrypted apps such as WhatsApp, Telegram and Signal by capturing the screen, without breaking any encryption. At present, Google has not released any new security patch to fix this weakness.
How Sturnus attacks banking apps
According to ThreatFabric’s report, MTI Security researchers found that Sturnus is a banking Trojan that can display fake login pages identical to those of banking apps. As soon as the user fills in the login details, the information goes directly to the cyber criminals. The report says that this malware has extensive remote access capabilities, which let the attackers watch the user’s every activity live. It can also run fraudulent transactions in the background while blacking out the screen, so the user only finds out about them later.
Reads chats without breaking E2E encryption
According to the report, this malware does not break any encryption. Instead, it reads messages on the Android device through screen capture as soon as they are decrypted. In this way, it can monitor chats on platforms like WhatsApp, Telegram and Signal. All three apps claim that their chats are not accessible to third parties, but Sturnus is able to view messages at the screen level, which poses a serious security threat.
Initial attacks in Europe, researchers warn
What is alarming is that the earliest victims of Sturnus have been found in Southern and Central Europe. Researchers believe that this malware is still in the initial phase of development and that the attackers are testing its capabilities. At present, only a few victims have been seen, but in view of these small and frequent attacks, experts have warned that large-scale cyber attacks may start in the future. Google has not yet been able to release any new security patch to remove this weakness.