Sturnus: New banking trojan detected in Android phones

While platform owners such as Google, Apple, Microsoft have huge responsibility to safeguard their customers from malware-laced apps entering Google Play , Apple App Store and Windows Store, the customers should also follow basic digital hygiene while browsing online, or else risk paying dearly.

In the latest instance, cyber security firm ThreatFabric in collaboration with MTI researchers, have detected a deadly banking trojan called Sturnus on Android phones.

.Best of 2025: Top Android apps in India. Naive people unknowingly have installed third-party apps laced with Sturnus malware from compromised websites. Once installed, it has been found to bypass Android security and is capable of taking over the phone.

Also, the rogue apps are capable of recording messages received on Telegram, WhatsApp and even Signal in addition to secretly tracking financial apps to steal bank account credentials.

As per the report, the threat actors have deployed the malware in southern and Central Europe.

“Sturnus represents a sophisticated and comprehensive threat, implementing multiple attack vectors that provide attackers with near-complete control over infected devices. The combination of overlay-based credential theft, message monitoring, extensive keylogging, real-time screen streaming, remote control, device administrator abuse, and comprehensive environmental monitoring creates a dangerous threat to victims' financial security and privacy,” said ThreatFabric.

Google has advised Android phone users to be cautious when installing Android Package Kit (APK)s from unknown app developers. Instead, always install apps from Play Store.

Here’s how to protect yourself from such fake apps online:

1) Avoid installing apps from third-party websites

2)Never click on URLs sent in messages or emails from unknown people. Even if it is sent by a known person, be very cautious

3) Never share personal information or any OTP with strangers, even if they claim to be from an e-commerce app executive or bank official or even from the Income Tax department.

4) Always download official bank or mobile wallet apps from Google Play and Apple App Store only

5) If you receive any calls from an executive representing a bank or Income Tax, or the Police and ask for personal details, just disconnect it

6) Install an anti-virus app from prominent publishers such as ThreatFabric, McAfee, Kaspersky and others to secure your phone from malware and also potential scams in emails or messages

.Best of 2025: Top gaming Android apps on Google Play Store. Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech .

Sturnus: New banking trojan detected in Android phones

Follow us on :

Follow Us