What you need to know
- A new malware called Sturnus spreads through sideloaded APKs and can steal chats and banking info and take control of the device.
- The malware reads decrypted chats, creates fake banking overlays, and can remotely access your Android device.
- Sturnus disguises itself with fake Android update screens, and users in Europe have already fallen victim to it.
A recently identified malware, known as Sturnus, poses a significant threat to Android users by infiltrating devices via sideloaded APKs. This malicious software has the capability to seize control of your device, access private conversations, and pilfer sensitive banking information. Despite Google’s ongoing enhancements to security features on Android and Pixel devices, the emergence of such sophisticated threats continues to challenge users.
Security researchers have highlighted Sturnus’s alarming ability to bypass existing protective measures. Once installed, the malware can read decrypted WhatsApp chats directly from the screen, creating a window into users’ private communications. Furthermore, it can generate convincing fake overlays that mimic legitimate banking applications, thereby tricking users into divulging confidential information. The malware’s reach extends to executing device-level attacks, allowing it to remotely commandeer your phone.
New Android malware uses overlays to steal your data
To enhance its deceptive nature, Sturnus cleverly fabricates fake Android update screens, lending it an air of authenticity that can easily mislead unsuspecting users. Reports indicate that individuals in South and Central Europe have already been ensnared by this insidious malware.
The primary vector for Sturnus’s spread appears to be attachments sent via messaging applications. Once installed, the app masquerades as a legitimate application, such as Chrome or Gmail, and exploits Accessibility settings, including “Draw over other apps.” This allows it to read screen content, record activity, and impose overlays on banking applications.
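The combination described above (a sideloaded install, an enabled accessibility service, overlay access, and a borrowed app name) can be checked on a device you manage. This added example is not part of the original article; it parses text in the format printed by `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services`, while the overlay set, the label map, the `com.example.*` package names and all sample data are constructed assumptions.

```python
import re

# Genuine package names for the apps the article says Sturnus imitates.
KNOWN_APPS = {"chrome": "com.android.chrome", "gmail": "com.google.android.gm"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for your fleet

def parse_installers(pm_output):
    """Parse `pm list packages -i` lines into {package: installer or None}."""
    result = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M):
        installer = m.group(2)
        result[m.group(1)] = None if installer == "null" else installer
    return result

def accessibility_packages(setting):
    """Package names from the colon-separated enabled_accessibility_services value."""
    return {c.split("/")[0] for c in setting.split(":") if "/" in c}

def triage(pm_output, a11y_setting, overlay_allowed, labels):
    """Return {package: [reasons]} for non-store apps that merit a closer look."""
    a11y = accessibility_packages(a11y_setting)
    findings = {}
    for pkg, installer in parse_installers(pm_output).items():
        if installer in TRUSTED_INSTALLERS:
            continue  # store-installed apps are out of scope for this check
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if pkg in overlay_allowed:  # assumed to come from per-app appops output
            reasons.append("draw-over-other-apps allowed")
        genuine = KNOWN_APPS.get(labels.get(pkg, "").lower())
        if genuine and genuine != pkg:
            reasons.append("label imitates " + genuine)
        if reasons:  # preinstalled apps also report installer=null, so review hits
            findings[pkg] = ["sideloaded"] + reasons
    return findings

# Constructed sample data (not from a real device or from the malware itself).
PM_OUTPUT = """package:com.android.chrome  installer=com.android.vending
package:com.example.notes  installer=null
package:com.example.updater  installer=null
"""
A11Y = "com.example.updater/.Svc:com.google.android.marvin.talkback/.TalkBackService"
OVERLAY = {"com.example.updater"}
LABELS = {"com.android.chrome": "Chrome", "com.example.updater": "Chrome"}

if __name__ == "__main__":
    for pkg, why in triage(PM_OUTPUT, A11Y, OVERLAY, LABELS).items():
        print(pkg, "->", ", ".join(why))
```

A hit is a prompt for manual review, not a verdict: legitimate accessibility tools and preinstalled apps can match one or two of these signals.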
Fortunately, Google has reassured users that no instances of this malware have been detected within the Google Play Store, thanks to the vigilant efforts of Play Protect, which continuously scans all applications, including those sourced from third-party platforms. Nonetheless, this situation serves as a crucial reminder for users to exercise caution when downloading and installing any APKs on their devices.