Hackers Bypass Signal, Telegram And WhatsApp Encryption To Read Messages
Updated November 25 with a new warning from America’s Cyber Defense Agency, CISA, regarding how spyware is targeting users of instant messaging applications, as well as further comments from malware experts regarding the Sturnus threat from hackers impacting all secure messenger users.
In an era where confidentiality is paramount, the encrypted instant messages exchanged through applications like Signal, Telegram, and WhatsApp have become a sanctuary for secrets—be it for government entities, multinational corporations, or everyday consumers. However, a new and alarming threat has emerged, specifically targeting Android smartphone users, which effectively undermines the very encryption designed to protect our private communications. Enter the Sturnus trojan, a sophisticated piece of malware that poses a significant risk to users.
These Hackers Can Read Your ‘Private’ Instant Messages
Security researchers from ThreatFabric have identified Sturnus as a banking trojan that transcends the typical capabilities of such malware. While it can seize control of devices and extract banking credentials, its most concerning feature is its ability to bypass encrypted messaging. According to ThreatFabric’s analysis, Sturnus is still in a developmental or limited testing phase, yet its implications are profound. The good news is that the encryption of apps like Signal and WhatsApp remains intact; the attackers have not cracked the encryption itself. Instead, they have devised a method to capture messages after they have been decrypted and displayed on the smartphone screen.
This situation serves as a timely reminder of the vulnerabilities that can arise even in seemingly secure environments. Users should remain cautious about downloading apps from untrusted sources, as Sturnus has been distributed through what appears to be legitimate updates, such as those for Google Chrome.
Security Expert Reveals Threat From Hackers Posed To All Organizations By The Sturnus Trojan
Aditya Sood, vice president of security engineering and AI strategy at Aryaka, articulated the unique threat posed by Sturnus in an email, emphasizing its capability to utilize a combination of plaintext, RSA, and AES-encrypted communication with its command and control (C2) server. This sophisticated blend allows Sturnus to integrate seamlessly into normal network patterns, effectively concealing its commands and stolen data from security systems.
Sood elaborated on the implications of this advanced evasion technique, noting that it complicates efforts to inspect Sturnus’ network traffic or recover stolen data. His warning extends beyond individual consumers, highlighting the potential risks for organizations that utilize end-to-end encrypted platforms like Signal for sensitive communications. The ability of Sturnus to extract messages from these platforms could lead to significant security breaches across various industries.
Hackers Can Read Everything That Appears On Your Smartphone Screen
The report indicates that Sturnus employs Accessibility Service logging, enabling it to read everything displayed on the smartphone screen in real time—contacts, conversation threads, and the content of messages, both incoming and outgoing. This capability allows it to circumvent the protections offered by end-to-end encryption. As the researchers pointed out, a compromised device is inherently insecure; once a device is infiltrated, all sensitive exchanges become visible to the operator, stripping away any cryptographic safeguards.
To protect against such threats, users are advised to keep Google’s Play Protect activated, avoid unauthorized app stores, and refrain from granting accessibility permissions unless absolutely necessary.
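Because the screen-reading capability described above depends on an app holding an enabled accessibility service, the practical check for a defender is to audit which services are enabled. The following POSIX shell script is an added example, not code from the article or from ThreatFabric; it parses the colon-separated value Android stores in the `enabled_accessibility_services` secure setting and flags anything not on an allowlist. The allowlist entry and the sample value are constructed assumptions, not indicators from the report.

```shell
#!/bin/sh
# Added example: audit enabled Android accessibility services, the capability the
# Sturnus report says is abused to read decrypted messages off the screen.
# Android stores enabled services as a colon-separated list of
# package/ServiceClass pairs; the literal string "null" means none are enabled.

# Assumed allowlist: the services you expect on a managed device (TalkBack here).
ALLOWLIST="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"

# audit_services LIST
# Prints "UNEXPECTED <service>" for every enabled service not on the allowlist.
# Prints nothing when every enabled service is expected, or when LIST is "null".
audit_services() {
    list="$1"
    [ "$list" = "null" ] && return 0
    old_ifs="$IFS"
    IFS=':'                      # split only on the separator Android uses
    for svc in $list; do
        [ -z "$svc" ] && continue
        case ":$ALLOWLIST:" in
            *":$svc:"*) ;;       # expected accessibility service, nothing to report
            *) printf 'UNEXPECTED %s\n' "$svc" ;;   # review this app's origin and purpose
        esac
    done
    IFS="$old_ifs"
}

# audit_device
# Reads the live setting from a USB-attached device via adb (assumes adb on PATH).
audit_device() {
    audit_services "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
}

# Constructed sample in the same format as the device setting (not a real IoC):
# one expected screen reader plus an unknown "update" app holding a service.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakeupdate/com.example.fakeupdate.Svc"

audit_services "$SAMPLE"
```

Run `audit_device` instead of the sample call to check a real handset; an unexpected entry is the cue to revoke that app's accessibility access in Settings and investigate how it was installed.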
Cybersecurity And Infrastructure Security Agency Publishes New Warning As Hackers Target Messenger Apps With Spyware
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the risks associated with messaging applications, highlighting the tactics employed by cyber threat actors who utilize commercial spyware. According to CISA, these actors employ sophisticated targeting and social engineering techniques to deliver spyware, gaining unauthorized access to victims’ messaging apps and then delivering further malicious payloads that can compromise the mobile device itself.
CISA outlined several familiar tactics used by these advanced hackers, including:
- Phishing and malicious device-linking QR codes to compromise victim accounts.
- Zero-click exploits, which require no direct action from the user.
- Impersonation of messaging app platforms, such as Signal and WhatsApp.
While the majority of users may not be the primary targets of such espionage attacks, the advice provided by CISA is applicable to everyone. Users should remain vigilant against social engineering tactics, verify the authenticity of group invitations through separate channels, and be wary of unexpected security alerts, especially those requesting authentication via PIN codes or one-time codes. Limiting device linking to only those that are absolutely necessary is also recommended as a best practice for safeguarding personal information.