New Android Trojan Drains Bank Accounts and Spies on Chats

A dangerous new Android banking trojan called Sturnus is targeting mobile users by draining bank accounts and spying on encrypted chat applications. It spreads through fake apps or disguised APK files, tricking users into installing it on their devices.

Once installed, Sturnus requests high-level permissions, including Accessibility Services, which allow it to monitor screen content, simulate taps, and overlay fake login screens on legitimate banking or financial apps. This enables attackers to capture usernames, passwords, and other sensitive data.

Sturnus can also intercept messages from encrypted chat apps such as WhatsApp, Telegram, and Signal by capturing screen content after it has been decrypted, giving attackers access to private conversations.

The malware communicates with a remote server, sending stolen data and receiving commands. It can remotely control the device, hide its presence, prevent uninstallation, and erase evidence, making detection and removal very difficult.

Why Sturnus is Dangerous:

• Combines banking theft, device takeover, and interception of encrypted communications.
• Exploits legitimate Android features to remain undetected.
• Can hide behind fake apps or updates, making unsuspecting users vulnerable.

How to Stay Safe:

• Only install apps from official stores like Google Play.
• Avoid sideloading APKs from unknown sources.
• Carefully review app permissions, especially for Accessibility and overlay access.
• Enable built-in security features and consider a reputable mobile security app.
• Be cautious with links in messages that prompt app installations.

Sturnus demonstrates the increasing sophistication of mobile malware, showing that even encrypted communications and financial apps can be vulnerable if proper security measures are not followed.