A dangerous new Android malware called Sturnus is making headlines for its ability to breach the security of popular messaging apps like WhatsApp, Telegram, and Signal.
Unlike typical threats, Sturnus can capture screen content after encryption, allowing attackers to read private chats.
Even more concerning, it can display fake login screens over legitimate banking apps to steal credentials, making it a serious risk for financial fraud.
Currently, Sturnus spreads through malicious apps disguised as Google Chrome or Preemix Box.
How Sturnus Works: Overlays, Device Control, and Stealth
Sturnus is designed to target banks in Southern and Central Europe using overlays customized for each bank.
The malware communicates with remote servers using encrypted channels and can even take live control of a device through Virtual Network Computing (VNC).
It abuses Android’s accessibility services to record keystrokes, track app activity, and capture sensitive chat content.
The trojan can also show a fake system update screen to hide its actions.
Once installed, it is extremely hard to remove and requires manual revocation of administrator rights.
Why Sturnus Is a Serious Threat
Sturnus is more than just a spying tool—it’s a full-scale fraud engine capable of draining bank accounts.
While its current reach is limited, experts warn it could spread rapidly if precautions aren’t taken.
Protection tips for users:
Only install apps from trusted sources like Google Play Store.
Be cautious about apps requesting excessive permissions.
Enable banking alerts to detect suspicious transactions quickly.
Summary:
Sturnus is a highly advanced Android malware that:
Bypasses encrypted messaging apps to steal chat content.
Uses fake overlays to capture banking credentials.
Gains full control over devices using accessibility services.
Is difficult to remove and capable of large-scale financial fraud.
Users are advised to remain vigilant and avoid unknown apps to stay protected.
