Jenith
Well-known Member
- Joined
- Mar 25, 2019
- Posts
- 51,976
- Likes
- 182
Google and its device partners like Samsung have taken considerable steps to ensure the security of their software and hardware. Despite the efforts, threat vectors are becoming increasingly sophisticated.
A new Android malware has been identified that has the capability to steal sensitive information from banking apps and capture encrypted messaging on popular apps like WhatsApp without the user ever finding out.
Threatfabric reports that a privately operated Android banking trojan called Sturnus has been identified by MTI Security researchers. It's a highly potent threat vector that's capable of full device takeover.
It can even bypass encrypted messaging by simply capturing content from the device's screen after the messages are decrypted by apps like WhatsApp, Telegram, and Signal. The trojan isn't trying to break the encryption, it's simply recording content from the device's screen.
This malware can even steal login credentials for banking apps by displaying fake but very convincing login screens. You'll enter the credentials on what appears to be the login screen of your banking app but in reality those credentials would be sent straight to the attackers.
The analysis has also revealed that this malware provides significant remote control capabilities to the attackers. They can observe all user activity, push text to the device, and also black out the device screen as they execute fraudulent transactions in the background.
Sturnus hasn't been deployed at scale yet. The report mentions that the malware appears to be in development or limited testing phase, with targeted attacks being carried out across Southern and Central Europe. This may suggest the groundwork is being laid for a wider attack.
Given that Sturnus has been identified, it's likely that Google may already be looking to shore up Android's defenses. Just ensure that you follow best data security practices and have two-factor authentication enabled wherever possible to protect yourself.
The post Your Galaxy device may be at risk from this new malware targeting bank apps appeared first on imeisource.
A new Android malware has been identified that has the capability to steal sensitive information from banking apps and capture encrypted messaging on popular apps like WhatsApp without the user ever finding out.
Attackers can use this malware to steal banking information
Threatfabric reports that a privately operated Android banking trojan called Sturnus has been identified by MTI Security researchers. It's a highly potent threat vector that's capable of full device takeover.
It can even bypass encrypted messaging by simply capturing content from the device's screen after the messages are decrypted by apps like WhatsApp, Telegram, and Signal. The trojan isn't trying to break the encryption, it's simply recording content from the device's screen.
This malware can even steal login credentials for banking apps by displaying fake but very convincing login screens. You'll enter the credentials on what appears to be the login screen of your banking app but in reality those credentials would be sent straight to the attackers.
The analysis has also revealed that this malware provides significant remote control capabilities to the attackers. They can observe all user activity, push text to the device, and also black out the device screen as they execute fraudulent transactions in the background.
Sturnus hasn't been deployed at scale yet. The report mentions that the malware appears to be in development or limited testing phase, with targeted attacks being carried out across Southern and Central Europe. This may suggest the groundwork is being laid for a wider attack.
Given that Sturnus has been identified, it's likely that Google may already be looking to shore up Android's defenses. Just ensure that you follow best data security practices and have two-factor authentication enabled wherever possible to protect yourself.
The post Your Galaxy device may be at risk from this new malware targeting bank apps appeared first on imeisource.