A new threat named Sturnus is targeting Android users who use WhatsApp, Telegram, and Signal, according to cybersecurity experts at Threat Fabric. The Trojan, discovered by MTI Security researchers, enables hackers to take remote control of devices, monitor user activities, and carry out unauthorized transactions, potentially exposing private chats, stealing banking credentials, and login information.
Sturnus is designed to bypass encrypted messaging apps like WhatsApp, Telegram, and Signal, allowing cybercriminals to intercept decrypted content from the device screen. While the malware is still in its early stages and has not infected a large number of devices, users are advised to remain vigilant as it poses a serious threat if widely distributed.
Threat Fabric highlighted that Sturnus is a sophisticated threat capable of various malicious activities such as overlay-based credential theft, message monitoring, keylogging, screen streaming, remote control, and device administrator abuse. To protect against such threats, users are recommended to install apps only from the official Google Play Store, avoid sideloading software, and review app ratings before installation.
Although Sturnus is a new threat, its advanced capabilities raise significant concerns about users’ financial security and privacy.