Sturnus hacks communication
A new Android banking malware dubbed Sturnus can hack interactions from entirety via encrypted messaging networks like Signal, WhatsApp, and Telegram, as well as take complete control of the device.
While still under growth, the virus is fully functional and has been programmed to target accounts at various financial institutions across Europe by employing “region-specific overlay templates.”
Attack tactic
Sturnus uses a combination of plaintext, RSA, and AES-encrypted communication with the command-and-control (C2) server, making it a more sophisticated threat than existing Android malware families.
Sturnus may steal messages from secure messaging apps after the decryption step by recording the content from the device screen, according to a research from online fraud prevention and threat intelligence agency Threatfabric. The malware can also collect banking account details using HTML overlays and offers support for complete, real-time access through VNC session.
Malware distribution
The researchers haven’t found how the malware is disseminated but they assume that malvertising or direct communications are plausible approaches. Upon deployment, the malware connects to the C2 network to register the target via a cryptographic transaction.
For instructions and data exfiltration, it creates an encrypte
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: