Android Banking Malware Empties Accounts Silently
24 Dec
Summary
- New Sturnus malware captures decrypted messages directly from the screen.
- It uses HTML overlays and keylogging to steal banking credentials.
- The malware can block removal by taking Device Administrator privileges.

A newly developed Android banking trojan, dubbed Sturnus, poses a significant threat by stealthily stealing banking credentials and personal data. It captures messages directly from the screen after the app has decrypted them, which sidesteps end-to-end encryption instead of attacking it. It also displays deceptive HTML overlays that mimic legitimate banking applications to trick users into entering sensitive information, which is then forwarded to attackers.
Sturnus performs aggressive keylogging through the Android Accessibility Service, recording every keystroke and monitoring app activity. Even when screenshots are blocked, it reconstructs user actions by tracking UI elements in real time. The malware also steals chat messages from popular apps like WhatsApp, Telegram, and Signal after they are decrypted on the device, giving attackers full visibility.
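For defenders triaging a device, the two privileges described above (an enabled Accessibility Service and Device Administrator status) can be cross-checked per package. The following is an added example, not code from the article: it assumes the colon-separated value of Android's `enabled_accessibility_services` secure setting and a list of active device-admin components have already been collected, and all package names and the allowlist are constructed.

```python
from dataclasses import dataclass

# Constructed sample data; every package name here is hypothetical.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.updater/.core.A11ySvc")
SAMPLE_ADMINS = ["com.example.updater/.AdminRcv", "com.example.mdm/.DeviceAdmin"]
ALLOWLIST = {"com.google.android.marvin.talkback", "com.example.mdm"}


@dataclass(frozen=True)
class Finding:
    package: str
    accessibility: bool
    device_admin: bool

    @property
    def severity(self) -> str:
        # Holding both privileges matches the behaviour described above:
        # screen and keystroke capture plus resistance to removal.
        return "high" if self.accessibility and self.device_admin else "review"


def packages(components):
    """Return package names from flattened component strings (pkg/class)."""
    found = set()
    for comp in components:
        comp = comp.strip()
        # An unset setting reads back as "null"; skip it and malformed entries.
        if not comp or comp == "null" or "/" not in comp:
            continue
        found.add(comp.split("/", 1)[0])
    return found


def audit(a11y_setting, admin_components, allowlist):
    """List non-allowlisted packages holding either privilege, sorted by name."""
    a11y = packages((a11y_setting or "").split(":"))
    admins = packages(admin_components)
    return [Finding(pkg, pkg in a11y, pkg in admins)
            for pkg in sorted((a11y | admins) - set(allowlist))]


if __name__ == "__main__":
    for f in audit(SAMPLE_A11Y, SAMPLE_ADMINS, ALLOWLIST):
        print(f.severity, f.package)
```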




