A new Android banking trojan that can target 450 banking and financial apps is being used by cybercriminals.

While the new Nexus trojan is still in the early development stage, a report from Cleafy — a cybersecurity firm based in Italy — already put a spotlight on the serious threat it could bring to Android users.

Once an Android device is infected, cybercriminals can use the trojan’s capabilities to take over the user’s account. How? Well, other than stealing passwords, Nexus can also intercept two-factor authentication (2FA) codes sent via text message and even the codes from the Google Authenticator app. Now that’s scary.

Much like similar malware we’ve seen before, Nexus does this by abusing the accessibility services of Android devices.

Security researchers from Cyble said that the Nexus trojan is being spread through phishing pages disguised as legitimate YouTube Vanced websites.

According to further details about Nexus, it works on Android versions up to the latest one, Android 13. Plus, it is being distributed under a Malware-as-a-Service model, in which hackers have to pay other hackers to access the malware.

The trojan also uses overlay attacks, which essentially place a fake version of a banking app on top of the real one to steal login data. It also has a keylogger that can record any password that the user types or fills in with autofill.

While it’s still too early for Nexus to have caused substantial damage, the banking trojan surely has the potential to become disastrous, and hopefully Google is already working to fight it.

To keep yourself safe, it’s best to stop sideloading apps and make sure that Google Play Protect is always enabled on your device. As an extra measure, it’s also best to run a virus scan on your device.
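Because Nexus relies on accessibility services and arrives through sideloading, one practical check is to list which apps hold an accessibility service and whether they came from a trusted store. The script below is an added example, not code from the original article or the researchers' reports; it assumes the two `adb` command outputs have been saved as text, treats only Google Play as a trusted installer, and uses constructed sample data with hypothetical package names.

```python
# Added example: review which apps hold an accessibility service and where they came from.
# Inputs are text captured on a trusted workstation with:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted


def parse_enabled_services(raw):
    """Return component names from the colon-separated settings value ('null' if none)."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [c for c in raw.split(":") if "/" in c]


def parse_installers(raw):
    """Map package name -> installer from 'package:<name>  installer=<source>' lines."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        source = next((f[10:] for f in fields[1:] if f.startswith("installer=")), "null")
        installers[fields[0][8:]] = None if source == "null" else source
    return installers


def flag_risky_services(services_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """List (package, component, installer) for services not installed from a trusted store."""
    installers = parse_installers(packages_raw)
    findings = []
    for component in parse_enabled_services(services_raw):
        package = component.split("/", 1)[0]
        source = installers.get(package)
        if source not in trusted:
            # Preloaded system apps can also report no installer, so treat this as a review list.
            findings.append((package, component, source or "none recorded"))
    return findings


# Constructed sample output; package names are hypothetical.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.videoplayer/com.example.videoplayer.HelperService")
SAMPLE_PACKAGES = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for package, component, source in flag_risky_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {package} ({component}) installer={source}")
```

Any app flagged here that you do not recognise should have its accessibility permission revoked in Settings and then be uninstalled.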

Via: Tom’s Guide
