A new type of malware that spreads via malicious APKs has started popping up on Android devices. It’s especially alarming since it can spy on your protected chats and steal your banking details.

Researchers at MTI Security have identified the new malware as Sturnus, according to Android Authority. It’s able to access messages from encrypted apps by reading a device’s screen after messages have been decrypted, making the protections in popular messaging apps like WhatsApp, Telegram, and Signal useless.

Just as troubling, Sturnus can also layer realistic-looking fake login screens over banking apps, tricking users into giving away their account details. Another of Sturnus’ tricks is imitating an Android update screen that indicates a software update is in progress while, in reality, the malware has taken over the phone and is covertly conducting malicious activity.

Sturnus can also gain admin rights by tracking unlock attempts and viewing passwords, letting attackers know exactly what they need to prevent the malware from being uninstalled.

Online fraud prevention agency Threat Fabric told Android Authority that most of the victims so far have been located within Southern and Central Europe, adding that the attackers may be refining their tooling and techniques before launching more widespread operations.

Currently, researchers do not know exactly how Sturnus is transmitted, but there’s speculation that it moves via rogue attachments sent through messaging apps. From there, it disguises itself as a fake version of Google Chrome or other apps.

As always, you should only download APK files from the Google Play Store, which has been tightening its security in recent years.

And this is indeed the advice that Google issued in a statement on Sturnus to Android Authority: “Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”