This new Android malware can control your phone and swipe your banking data

Play Protect on the Google Play Store
(Image credit: Android Central)

What you need to know

  • A new malware called Sturnus spreads through sideloaded APKs and can steal chats and banking info and take control of the device.
  • The malware reads decrypted chats, creates fake banking overlays, and can remotely access your Android device.
  • Sturnus disguises itself with fake Android update screens, and users in Europe have already fallen victim to it.


A new type of malware that can enter your phone through sideloaded APKs and take control of your device, access your chats, and even steal your banking information has been spotted by security researchers.

While Google has improved theft protection and spam detection on Android and Pixel phones, new malicious software still appears from time to time using different methods to infiltrate devices.

Now, security researchers at MTI Security have identified a new malware called "Sturnus" (via Android Authority) that can bypass security measures and compromise your Android phone in a dangerous way.

According to the report, the malware gains access to chats on platforms like Telegram and WhatsApp by reading the screen after chats have been decrypted and opened on your phone.

It can also create fake overlays over banking apps with high-quality detail to trick you into entering sensitive information. The malware can even launch device-level attacks to remotely take control of your phone.

New Android malware uses overlays to steal your data

How Sturnus works on device

(Image credit: ThreatFabric)

To appear more trustworthy, the malware can generate fake Android update screens to seem legitimate. Some users in South and Central Europe have reportedly already fallen victim to this dangerous malware.

For those wondering how it spreads, the report claims it usually arrives as attachments sent over messaging apps. The app installs itself like a first-party app on Android, such as Chrome or Gmail, and then abuses Accessibility settings like "Draw over other apps" to read screen content, record screens, and create overlays on banking apps.

Thankfully, Google told the publication that no apps containing this malware were found on Google Play thanks to Play Protect working behind the scenes, which scans all apps, including those downloaded from third-party sources.

That said, this is still a reminder to think carefully before downloading and installing any APK on your device.
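A device audit for the pattern described above (a sideloaded app that holds an Accessibility service or the "Draw over other apps" permission), as an added example that is not taken from the article or the researchers' report. The sample output and the `com.example.*` package names are constructed, and the adb output formats are assumed to match what current Android builds print.

```python
import re
import subprocess

# Installers treated as trusted (assumption: Google Play only; add a managed store if used).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` output."""
    pairs = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)
    return dict(pairs)

def parse_accessibility(setting):
    """Packages named in the colon-separated enabled_accessibility_services value."""
    return {c.split("/")[0] for c in setting.strip().split(":") if "/" in c}

def audit(pm_output, a11y_setting, overlay_output):
    """Return (package, installer, capabilities) for untrusted-source apps
    that hold an accessibility service and/or the overlay permission."""
    a11y = parse_accessibility(a11y_setting)
    overlay = set(overlay_output.split())
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        caps = [name for name, pkgs in (("accessibility", a11y), ("overlay", overlay))
                if pkg in pkgs]
        if caps:
            findings.append((pkg, installer, caps))
    return findings

def adb(*args):
    """Run one command on the connected device (requires adb and USB debugging)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

def audit_device():
    """Collect the three inputs from a live device and audit them."""
    return audit(adb("pm", "list", "packages", "-3", "-i"),
                 adb("settings", "get", "secure", "enabled_accessibility_services"),
                 adb("appops", "query-op", "SYSTEM_ALERT_WINDOW", "allow"))

# Constructed sample output; the com.example.* packages are hypothetical.
SAMPLE_PM = ("package:com.example.chat  installer=com.android.vending\n"
             "package:com.example.updater  installer=null\n"
             "package:com.example.notes  installer=com.google.android.packageinstaller\n")
SAMPLE_A11Y = "com.example.updater/.SyncService:com.example.chat/com.example.chat.A11y"
SAMPLE_OVERLAY = "com.example.updater\ncom.example.chat\n"
```

Calling `audit_device()` runs the same check against a phone connected over adb; any package it returns deserves a manual look in Settings before it is kept.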

Sanuj Bhatia
Contributor
