A sophisticated new Android malware, named Sturnus, poses a significant threat to financial security and personal privacy for smartphone users in Europe by stealing banking credentials and intercepting private messaging app conversations.
Researchers discovered Sturnus, which primarily targets Android devices to commit financial fraud. The malware uses a classic banking Trojan technique: the overlay attack.
It overlays fake login pages onto legitimate banking applications. When users attempt to access their banking apps, Sturnus presents a fraudulent HTML page to steal login credentials, codes, or passwords.
Beyond financial theft, Sturnus integrates a remote access module. This allows cybercriminals to monitor everything displayed on the device’s screen, including passwords, installed applications, and other sensitive data.
The remote access capabilities enable the malware to intercept messages exchanged on instant messaging applications such as WhatsApp, Signal, and Telegram. It can retrieve both received and sent messages, contact names, and real-time conversations.
Crucially, Sturnus bypasses end-to-end encryption without breaking it. It reads messages on the device after the legitimate messaging application has decrypted them, giving attackers a direct view of supposedly private communications.
Researchers describe Sturnus as “a serious threat to the financial security and privacy of its victims.”
The malware infiltrates smartphones through malicious APK files. These are often embedded within fake Google Chrome applications shared online.
Sturnus is currently in an early stage of development. So far, it has been used on a small scale, likely for testing purposes.
However, researchers anticipate larger-scale campaigns, particularly targeting Europe, in the near future.
