Introduction: How Sturnus Threatens Android Users
Cybersecurity researchers warn that Sturnus, a new Android banking trojan, poses a serious risk. They note that it steals credentials and takes full control of devices. Moreover, it uses advanced tricks to commit financial fraud. Therefore, experts consider it a rising threat that requires quick attention.
Bypassing Encrypted Chats
Sturnus stands out because it can bypass encrypted messages. Researchers explain that it captures the screen after apps decrypt messages. Therefore, it can read chats from WhatsApp, Telegram, and Signal in real time. This capability gives attackers powerful insight into private conversations.
Fake Overlays and Credential Theft
The trojan can also deploy fake login screens. These screens appear over banking apps to collect user credentials. However, once the attackers collect the data, the trojan disables the overlay to reduce suspicion. Reports say the malware is still in early testing but already dangerous.
Disguised App Installations
Attackers distribute the malware through harmless-looking apps. For example, they hide it behind fake browsers and utility tools. However, once the victim opens the app, Sturnus activates silently. It focuses on financial targets across parts of Europe.
Communication Structure and Remote Control
Researchers say the name Sturnus fits because it uses varied communication methods. It mixes plaintext, AES, and RSA messages like a bird mimicking sounds. After infecting a phone, it contacts a remote server. Therefore, attackers gain encrypted channels to push new commands.
The malware also uses WebSocket connections for remote control sessions. Attackers can interact with the phone during VNC-style sessions. As a result, they can operate the device as if they held it.
Abusing Accessibility to Record Actions
Sturnus misuses Android accessibility services. It records keystrokes and tracks screen interactions. Furthermore, it gathers chat content from messaging apps when opened. This data helps attackers recreate the screen layout and issue remote clicks, scrolls, or text inputs.
Blocking User Attempts to Remove It
The trojan detects when a user tries to access settings that could disable its admin rights. Therefore, it instantly redirects the screen. This action prevents users from uninstalling it normally. Until users remove its admin privileges manually, cleanup remains extremely difficult.
Advanced Monitoring and Evasion Techniques
Sturnus monitors sensors, network conditions, and hardware details. It also logs installed apps. Consequently, attackers use this profile to adapt their tactics and avoid detection. Researchers believe the malware is still spreading slowly. However, its focused attacks suggest that larger campaigns may follow.
How to Prevent Sturnus Attacks
Users can reduce risk by installing security updates promptly and avoiding unknown apps. They should also use threat detection tools that scan for abnormal behavior and block risky permissions. Furthermore, managed protection services can monitor devices continuously and stop suspicious activity before it becomes harmful.
Sleep well, we got you covered.
