A very dangerous malware has appeared in the Android world, and security researchers are warning everyone to stay alert. This new threat is a banking trojan calledSturnus, and it is powerful enough to bypass encrypted messaging apps like WhatsApp, Telegram and Signal to steal banking details. The malware is still in testing mode, yet it already shows signs of extreme danger.
Researchers say it has been configured to target financial institutions in Southern and Central Europe, which means a bigger cyberattack campaign may be coming soon.
Android Banking Trojan ‘Sturnus’ Can Read Encrypted Messages
Researchers at ThreatFabric explain that Sturnus does not hack the encryption of messaging apps. Instead, it abuses the Accessibility Services feature on Android phones.
Once the phone decrypts the message on the screen for the user, Sturnus reads the message directly from the screen. This helps the malware monitor conversations in real time, including incoming and outgoing messages, full chat threads, and even contact lists.
Sturnus automatically becomes active whenever the victim opens WhatsApp, Telegram or Signal. It does this by constantly watching which app is running in the foreground.
When any of these encrypted messaging apps are opened, the malware starts collecting the UI-tree, which means it reads whatever appears on the screen at that moment.
The name “Sturnus” comes from the bird Sturnus vulgaris, also known as the European Starling. The bird is known for its fast and irregular vocal patterns.
Researchers chose this name because the malware’s communication switching is also unpredictable, rapidly jumping between simple and complex messages, just like the bird’s chatter.
Android Banking Trojan Looks Like Trusted Apps
One of the main reasons Sturnus is so dangerous is that it hides itself as a trusted app. It may appear on a phone as “Google Chrome” or “Preemix Box” so that users install it without thinking.
Researchers say Sturnus is even more advanced than current malware families when it comes to communication methods and support for different devices.
If the wider campaign launches, Sturnus could become a major security threat for Android users across the world.
