Cybersecurity researchers have identified a new Android malware, dubbed Sturnus, that poses a significant threat to users’ banking credentials and end-to-end encrypted messaging apps, including WhatsApp, Telegram, and Signal.

According to ThreatFabric, the malware can compromise devices without breaching encryption codes, raising serious concerns about mobile security.

The malware, classified as an Android Banking Trojan, can replicate the login interfaces of legitimate banking apps, tricking users into entering their credentials. Once a victim logs in, attackers gain extensive remote access, allowing them to monitor user activity in real time.

Researchers note that Sturnus can also inject text and remotely black out device screens, enabling attackers to conduct fraudulent transactions undetected. By keeping the screen blank during these operations, users remain unaware of unauthorised transfers until after they are executed.

In addition to banking attacks, Sturnus can capture messages from apps like WhatsApp, Telegram, and Signal. The malware reads messages after decryption occurs on the device itself, circumventing the need to break encryption keys. This method allows attackers to monitor private communications, even on apps that claim end-to-end encryption.

Researchers report that Sturnus is currently targeting users in Southern and Central Europe. While the malware is still in its early stages, with only a few victims detected so far, cybersecurity experts warn that larger-scale attacks could follow as the malware is refined.

Google has not yet released a security patch addressing the vulnerabilities exploited by Sturnus, leaving Android users exposed to these sophisticated attacks. Users are advised to exercise caution, avoid clicking on suspicious links, and monitor banking apps for unusual activity.