A new banking malware on Android is reportedly spying on ...

A new banking malware on Android is reportedly spying on your messages A Pixel 9 Pro showing notifications on the lock screen

By Matthew Mountjoy Published 55 minutes ago Sign in to your Android Police account Summary Generate a summary of this story follow Follow followed Followed Like Like Thread Log in Here is a fact-based summary of the story contents: Try something different: Show me the facts Explain it like I’m 5 Give me a lighthearted recap

A new type of malware that spreads via malicious APKs has started popping up on Android devices. It's especially alarming since it can spy on your protected chats and steal your banking details.

Researchers at MTI Security have identified the new malware as Sturnus, according to Android Authority. It's able to access messages from encrypted apps by reading a device's screen after messages have been decrypted, making the protections in popular messaging apps like WhatsApp, Telegram, and Signal useless.

Just as troubling, Sturnus can also layer realistic-looking fake login screens over banking apps, tricking users into giving away their account details. Another of Sturnus' tricks is imitating an Android update screen that can indicate a software update is in progress while in reality, the malware has taken over the phone and is conducting malicious activity covertly.

Sturnus can also gain admin rights by tracking unlock attempts and viewing passwords, letting attackers know exactly what they need to to preveng the malware from being uninstalled.

Online fraud prevention agency Threat Fabric told Android Authority that most of the victims so far have been located within Southern and Central Europe, adding that the attackers may be refining their tooling and techniques before launching more widespread operations.

Currently, researchers do not know exactly how it is transmitted, but there's speculation that it moves via rogue attachments sent through messaging apps. From there, it disguises itself as a fake version of Google Chrome or other apps.

As always, you should only download APK files from the Google Play Store, which has been tightening its security in recent years.

And this is indeed the advice that Google issued in a statement on Sturnus to Android Authority: "Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

Phones
Operating Systems
Malware

Follow Followed Like Share Facebook X WhatsApp Threads Bluesky LinkedIn Reddit Flipboard Copy link Email Close Thread Sign in to your Android Police account

We want to hear from you! Share your opinions in the thread below and remember to keep it respectful.

Be the first to post Images Attachment(s) Please respect our community guidelines. No links, inappropriate language, or spam.

Your comment has not been saved

Send confirmation email

This thread is open for discussion.

Be the first to post your thoughts.