
Cybersecurity specialists at ThreatFabric have issued a warning about the emergence of an extremely serious banking malware for the Android operating system called Sturnus. Although the Trojan is still in the final stages of development, it already possesses a comprehensive feature set and significantly surpasses most current threats in its capabilities.

The main danger of Sturnus lies in its ability to bypass the end-to-end encryption used in popular messaging applications. By abusing the system’s Accessibility features, the Trojan gains unimpeded visibility into everything displayed on the device’s screen. This allows it to intercept and analyze in real time all text content that has already been decrypted for display, including the messages themselves, contact details, and any data the user enters.

In addition to its covert information gathering, Sturnus uses HTML overlays (phishing screens) to steal banking credentials and also enables unauthorized remote access to the device via a VNC session. In this mode the attacker can secretly take full control of the smartphone without the owner’s knowledge: simulating taps, approving financial transfers, entering one-time confirmation codes, and even installing additional software.

The malware disguises itself as common applications, such as Google Chrome or Preemix Box. After obtaining device administrator rights, it prevents its own removal, and to conceal its activity it may show the user a fake screen purporting to be an “Android system update.”

Although the prevalence of Sturnus is currently limited, experts strongly caution that its internal structure was designed for rapid expansion, and that its danger level is comparable to the most sophisticated types of malicious code.
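As an added example (not from ThreatFabric’s report or from the page above), a small triage helper for defenders: it parses the list of enabled accessibility services pulled from an Android device and flags any that fall outside an operator allowlist, since abuse of Accessibility is the access path described above. The allowlist, the brand-to-package table, and the sample settings value are constructed for illustration; the set of device-admin packages is assumed to be gathered separately by the operator.

```python
# Triage helper (added example, not ThreatFabric's code). Input is the raw value of
#   adb shell settings get secure enabled_accessibility_services
# whose format is "pkg/ServiceClass:pkg2/ServiceClass" ("null" or "" when none).
from typing import NamedTuple

class Finding(NamedTuple):
    package: str
    service: str
    reason: str

# Constructed allowlist for illustration; derive yours from a known-good device baseline.
ALLOWLIST = {"com.google.android.marvin.talkback"}
# Official package ids of brands that the malware is reported to impersonate.
OFFICIAL_IDS = {"chrome": "com.android.chrome"}

def parse_enabled_services(raw: str) -> list[tuple[str, str]]:
    """Split the settings value into (package, fully qualified service class) pairs."""
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    pairs = []
    for entry in raw.split(":"):
        if "/" not in entry:
            continue  # malformed fragment: skip rather than abort the triage
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):  # shorthand class name relative to the package
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs

def triage(raw: str, device_admins: set[str], allowlist=ALLOWLIST) -> list[Finding]:
    """Return one Finding per enabled accessibility service that is not allowlisted."""
    # device_admins: packages holding device-administrator rights, gathered separately
    # (assumption: e.g. parsed by the operator from `adb shell dumpsys device_policy`).
    findings = []
    for pkg, cls in parse_enabled_services(raw):
        if pkg in allowlist:
            continue
        reasons = ["accessibility service not on allowlist"]
        for brand, official in OFFICIAL_IDS.items():
            if brand in pkg.lower() and pkg != official:  # heuristic brand-impersonation check
                reasons.append(f"package name imitates {official}")
        if pkg in device_admins:
            reasons.append("also holds device admin (hinders removal)")
        findings.append(Finding(pkg, cls, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    # Constructed sample value; the second entry mimics a Chrome-branded dropper.
    sample = "com.google.android.marvin.talkback/.TalkBackService:com.chrome.update/.SvcA11y"
    for f in triage(sample, device_admins={"com.chrome.update"}):
        print(f"{f.package} ({f.service}): {f.reason}")
```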