Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    New Nexus trojan targets 450 financial apps and is taking over bank accounts

    alf9872000

    By alf9872000,
    Published Date:

    • 271 views
    • 4 minutes
     Share
    • 271 views
    • 4 minutes

    How to stay safe from this new Android banking trojan

     

    Cybercriminals are now using a new Android banking trojan capable of targeting 450 different banking and financial apps.

     

    While the Nexus banking trojan may still be in the early development stage, a new report(opens in new tab) from the Italian cybersecurity firm Cleafy has highlighted the serious threat it poses to Android smartphone users.

     

    If one of the best Android phones is infected with Nexus, cybercriminals can use the banking trojan’s capabilities to perform account takeovers, as it not only steals passwords from banking apps but can also intercept both two-factor authentication (2FA) codes sent via text and even codes from the Google Authenticator app. Like other similar malware, it does this by abusing Android’s accessibility services.

     

    In a blog post(opens in new tab) from the threat intelligence firm Cyble released earlier this month, its security researchers detailed how Nexus is being distributed through phishing pages disguised as legitimate websites of YouTube Vanced, which is a modified third-party version of the popular online video platform.

     

    Even though it’s still in its early days, Nexus is a banking trojan to keep an eye on as it already has pretty impressive abilities and will likely only improve further as development on it continues.

    Malware-as-a-service

    rjvaLaDqTmZTLZ7RKhKSUB-970-80.jpg

     (Image credit: solarseven/Shutterstock)

     

    The Nexus banking trojan was first discovered in an advertisement on a Russian cybercrime forum which explained that it is a new project which is compatible with Android versions up to Android 13.

     

    Just like with other banking trojans, it’s being distributed using a Malware-as-a-Service model where hackers pay other hackers for access to the malware. However, as The Hacker News(opens in new tab) points out, its creators have included explicit rules that prevent it from being used in the following countries: Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Uzbekistan, Ukraine, and Indonesia.

     

    The way in which Nexus is able to steal and drain the bank accounts of victims is by performing overlay attacks. For those unfamiliar, these kinds of attacks involve putting an overlay or a fake version on top of a legitimate banking app. Victims go to login to their accounts as they normally do but the overlay captures their username and password. Likewise, Nexus also includes a keylogger to steal any passwords a user may type in or autofill on their phone.

     

    In the latest version of Nexus, the banking trojan can now erase text messages received on an infected device, stop its 2FA stealer module and periodically update itself by pinging a cybercriminal-controlled command-and-control (C&C) server.

    How to stay safe from Android malware

    MRUEsvBrdDnwpsDgw3GGzh-970-80.jpg

     (Image credit: Google)

     

    When it comes to the Nexus banking trojan and other Android malware, the first way that you can protect your devices and the data they contain is by not sideloading apps. While it may be convenient to install an app without going through an official app store like the Google Play Store, this also puts you at risk as you have no idea what its APK installation file may actually contain.

     

    At the same time, you want to make sure that Google Play Protect is enabled on your Android smartphone as it scans any new apps you install as well as your existing apps for malware. For additional protection though, you may also want to install one of the best Android antivirus apps

     

    Even if you only download apps from official sources, there’s still a chance that you may accidentally install a malicious app. Bad apps manage to slip through the cracks from time to time which is why you should always be careful when installing any new app. Read reviews, do your research and if an app seems too good to be true, it probably is.

     

    Since the Nexus banking trojan is still being actively developed and likely bringing in quite a lot of money for its creators, this likely isn’t the last time we’ll hear about it, especially as new capabilities are added to it.

     

    Source

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...