Sturnus is a newly identified Android banking trojan capable of bypassing encrypted messaging apps like WhatsApp, Telegram, and Signal. It monitors communications by capturing screen content, harvests banking credentials via fake login screens, and allows extensive remote control of infected devices, including real-time screen viewing and activity injections. Currently in a pre-deployment phase, it primarily targets users in Southern and Central Europe, focusing on high-value applications. The malware's architecture incorporates advanced evasion techniques, including code obfuscation and complex communication protocols, posing significant threats to financial security and privacy.
https://www.threatfabric.com/blogs/sturnus-banking-trojan-bypassing-whatsapp-telegram-and-signal

