Sturnus Banking Malware Steals Communications from Signal and WhatsApp

Source: Cyber Security News

Sturnus is an emerging Android trojan targeting mobile users in Europe, known for its ability to capture messages from various encrypted messaging applications. The malware uses techniques such as fake login screens to harvest banking credentials, and it lets attackers conduct fraud without the user's awareness. Researchers from ThreatFabric identified the trojan while it was still in a testing phase and found its features more advanced than those of existing malware families. Sturnus is currently deployed on a limited scale, which indicates that the attackers are likely refining their methods before a more extensive rollout. Its operators focus on financial institutions in Southern and Central Europe, using themes tailored to those targets. The communication protocol is particularly complex, mixing plaintext and encrypted messages; it shows that the developers understand secure communication mechanisms thoroughly and have applied them for malicious ends.

The name ‘Sturnus’ comes from Sturnus vulgaris, a bird known for its chaotic sounds, which parallels the malware’s unpredictable communication strategy. The trojan uses WebSocket and HTTP channels for its operations and encrypts data transmitted between the infected device and its command-and-control server. Given the malware’s advanced capabilities and targeted focus, there remains a pressing need for users to strengthen their security measures against such mobile threats.

👉 Read the original: Cyber Security News