
New malware can read your chats and steal your money
Safeguarding your phone and personal data has never been more crucial. A new Android banking trojan called Sturnus is shaping up to be one of the most capable threats we have seen in a while. It is still in early development, but it already behaves like a fully mature operation. Once it infects a device, it can take over your screen, steal your banking credentials and even read encrypted chats from apps you trust. The worrying part is how quietly it works in the background.

You think your messages are safe because they are end-to-end encrypted, but this malware simply waits for the phone to decrypt them before grabbing everything. It's important to note, however, that Sturnus does not break encryption; it only captures messages after your apps decrypt them on your device.

Sturnus malware uses deceptive screens that mimic real banking apps to steal your credentials in seconds. (Kurt "CyberGuy" Knutsson)

A closer look at the malware's capabilities

Sturnus combines several attack layers that give the operator nearly full visibility into the device, as reported by cybersecurity research firm ThreatFabric. It uses HTML overlays that mimic real banking apps to trick you into typing your credentials. Everything you enter goes straight to the attacker through a WebView that forwards the data instantly.

It also runs an aggressive keylogging system through the Android Accessibility Service. This lets it capture text as you type, follow which app is open, and map every UI element on the screen. Even when apps block screenshots, the malware keeps tracking the UI tree in real time, which is enough to reconstruct what you are doing.

On top of overlays and keylogging, the malware monitors WhatsApp, Telegram, Signal and other messaging apps. It waits for these apps to decrypt messages locally, then captures the text right from the screen. This means your chats may remain encrypted over the network, but once the message appears on your display, Sturnus sees the entire conversation.

It also includes a full remote control feature with live screen streaming and a more efficient mode that sends only interface data. This allows precise taps, text injection, scrolling and permission approvals without showing any activity to the victim.

How Sturnus stays hidden and steals money

The malware protects itself by grabbing Device Administrator privileges and blocking any attempt to remove it. If you open the settings page that could disable those permissions, Sturnus detects it immediately and moves you away from the screen before you can act. It also monitors battery state, SIM changes, developer mode, network conditions and even signs of forensic investigation to decide how to...
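The article describes an app that holds both an Accessibility Service and Device Administrator privileges, and that combination can be checked for on a device you own. The following is an added example, not code from the article or from ThreatFabric: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys device_policy` and flags packages that hold either privilege, with the highest rating for both. The package names, the allowlist and the sample outputs are constructed, and the layout of the `dumpsys` excerpt is an assumption.

```python
import re

# Constructed sample: value printed by
#   adb shell settings get secure enabled_accessibility_services
# (colon-separated package/class components; package names are made up).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.updater/com.example.updater.CoreService")

# Constructed excerpt in the style of `adb shell dumpsys device_policy`.
# The layout differs between Android versions, so only lines of the form
# "package/class:" are relied on (an assumption of this example).
SAMPLE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.updater/.AdminReceiver:
    uid=10234
  com.example.mdm/.Receiver:
    uid=10101
"""

ADMIN_LINE = re.compile(r"^\s*([A-Za-z0-9_.]+)/[\w.$]+:\s*$")

def a11y_packages(setting: str) -> set:
    """Packages that have an enabled accessibility service ("null" -> none)."""
    return {c.split("/", 1)[0] for c in setting.strip().split(":") if "/" in c}

def admin_packages(dump: str) -> set:
    """Packages listed as device admin components in the dump."""
    return {m.group(1) for line in dump.splitlines()
            if (m := ADMIN_LINE.match(line))}

def triage(setting: str, dump: str, allowlist=frozenset()) -> dict:
    """Map each non-allowlisted privileged package to a finding string."""
    a11y, admins = a11y_packages(setting), admin_packages(dump)
    report = {}
    for pkg in sorted((a11y | admins) - set(allowlist)):
        if pkg in a11y and pkg in admins:
            report[pkg] = "HIGH: accessibility service + device admin"
        elif pkg in a11y:
            report[pkg] = "REVIEW: accessibility service"
        else:
            report[pkg] = "REVIEW: device admin"
    return report

if __name__ == "__main__":
    known_good = {"com.google.android.marvin.talkback"}  # hypothetical allowlist
    for pkg, finding in triage(SAMPLE_A11Y, SAMPLE_POLICY, known_good).items():
        print(f"{finding:45} {pkg}")
```

A HIGH finding is a prompt to inspect the app, not proof of infection; legitimate device-management and accessibility tools can hold the same privileges.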
Continue reading at Foxnews