Multi-threat Android malware Sturnus steals Signal, WhatsApp messages

A new Android banking Trojan called Sturnus can intercept encrypted messages from platforms like Signal, WhatsApp, and Telegram, while taking over the device completely. Its advanced capabilities include decrypting communication, stealing credentials, and performing remote control for malicious activities, posing a serious threat to European users.

Key points

  • Sturnus can decrypt and access messages from encrypted messaging apps by capturing on-screen content.
  • The malware can gain full device control using remote VNC sessions and Accessibility services.
  • It targets accounts at European financial organizations with region-specific overlays.
  • Installation is primarily through malicious APK files disguised as legitimate apps.
  • Sturnus uses encrypted channels for command-and-control and exfiltration, making detection difficult.

Read More: https://www.bleepingcomputer.com/news/security/multi-threat-android-malware-sturnus-steals-signal-whatsapp-messages/