Technology News
English Edition
  • Home
  • Mobiles
  • Mobiles News
  • Android Devices Vulnerable to New ‘Sturnus’ Malware That Attacks Bank Apps, Bypass E2E Encryption: Report

Android Devices Vulnerable to New ‘Sturnus’ Malware That Attacks Bank Apps, Bypass E2E Encryption: Report

Sturnus, an Android banking trojan, was reportedly spotted by MTI Security researchers.

Written by Dhruv Raghav, Edited by Rohan Pal | Updated: 26 November 2025 11:04 IST
Android Devices Vulnerable to New ‘Sturnus’ Malware That Attacks Bank Apps, Bypass E2E Encryption: Report

Photo Credit: Unsplash/ Desola Lanre-Ologun

Researchers warn Android users of wider, large scale Sturnus attacks

Click Here to Add Gadgets360 As A Trusted Source As A Preferred Source On Google
Highlights
  • Sturnus can read a user’s chats without breaking encryption
  • Sturnus is identified to be a private Android Trojan malware
  • The malware can black out a user’s screen
Advertisement

Android devices are vulnerable to a newly-found malware, dubbed Sturnus, which can access a user's banking credentials, according to a report citing cybersecurity researchers. It is also said to be capable of reading a user's end-to-end encrypted chats on various instant messaging services, like WhatsApp, Telegram, and Signal, without breaching the encryption code. Termed as an Android Banking Trojan, the malware is primarily targeting users in Southern and Central European countries, the report added. However, Google has yet to release a new security patch that would fix the vulnerabilities being leveraged by the trojan.

Sturnus Can Create a Fake Login Page to Access a User's Banking Credentials

ThreatFabric, a publication that focuses on cyberattacks and software vulnerabilities, reports that MTI Security researchers have identified a new Android Banking Trojan, called Sturnus. The malware is capable of replicating the login pages of various banking apps on a user's phone, compelling them to log in to steal their banking credentials. Moreover, it grants “extensive remote” access to the attackers, which allows them to “observe all user activity”.

Sturnus also enables the bad actors to “inject” text without being in physical contact with the Android device. They can also remotely black out the screens of devices to “execute fraudulent transactions in the background”. By making the screen blank, a user does not get to know about said transactions till the money has actually been transferred to an account.

Another concerning factor is that Sturnus can give attackers access to a user's end-to-end encrypted messages. The malware does not need a key to decrypt codes, as it can read the messages after they have been decrypted by capturing the screen of an Android device. It can reportedly “monitor communications” done through WhatsApp, Telegram, and Signal. All three apps provide end-to-end encryption, claiming that even they can't access a user's messages.

The report added that Sturnus' makers are primarily targeting victims in Southern and Central European countries. The researchers believe that the Android Banking Trojan is still in its early stages, and the attackers could still be evaluating and tuning the malware, as only a “few” victims have been spotted so far. The bad actors are reportedly conducting “short, intermittent” attack campaigns. However, the researchers warn that there could be large scale and widespread attacks soon.

Comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Sturnus Malware, Sturnus, Cyberattack, Trojan, Android phones, Android, Google
Dhruv Raghav
Dhruv Raghav
Dhruv Raghav is currently working as a Senior Sub Editor at Gadgets360. He has previously covered the North American financial markets as a Headline News Correspondent for a major news agency. After taking a sabbatical to prepare for the Civil Services examination, he returned to journalism to cover tech policy, with a special focus on AI laws and online gaming regulation. Now, he is back in Gadgets360 to write features and edit stories. To unwind, he likes to spend time with his PS5, listening ...More
OnePlus Nord 4 Gets OxygenOS 16 Update in India With New Customisation Options, AI-Powered Features
Android Devices Vulnerable to New ‘Sturnus’ Malware That Attacks Bank Apps, Bypass E2E Encryption: Report
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News
Turbo Read

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. iQOO 15 Launch Today: From Price to Features, Everything You Need to Know
  2. Poco F8 Series Launch Today: Know Price, Specs and More
  3. After ChatGPT, Copilot AI Chatbot is Leaving WhatsApp Next Year
  4. Realme Watch 5 India Launch Teased; Will Be Available via This Platform
  5. Vivo X300 FE, OnePlus 15s Tipped to Launch in India Soon
  6. Google Enhances Circle to Search With AI Mode for Additional Questions
  7. OnePlus Rolls Out OxygenOS 16 Update for Nord 4 With These Features
  8. OnePlus Ace 6T Key Specifications Confirmed Ahead of China Debut
  9. Realme GT 8 Pro, GT 8 Pro Dream Edition Go on Sale in India: Price, Offers
  10. Oakley Meta Glasses Set to Go on Sale in India in December at This Price
#Latest Stories
  1. Realme P4x 5G India Launch Date Set for Early December, Will Debut Alongside Watch 5
  2. Android Devices Vulnerable to New ‘Sturnus’ Malware That Attacks Bank Apps, Bypass E2E Encryption: Report
  3. OnePlus Nord 4 Gets OxygenOS 16 Update in India With New Customisation Options, AI-Powered Features
  4. Mysterious New Snapdragon 8s Gen 4 Phone Leaks Online; Tipped to Get 9,000mAh Battery
  5. Google Updates Circle to Search Feature With AI Mode for Additional Questions
  6. Microsoft’s Copilot AI Chatbot to No Longer Be Available on WhatsApp Next Year
  7. Poco F8 Series Launching Today: Know Price, Features, Specifications and More
  8. iQOO 15 Launching Today: Know Price in India, Features, Specifications and More
  9. Missing: Dead or Alive Season 2 OTT Release on Netflix: Everything You Need to Know
  10. 3 Roses Season 2 OTT Release: Know When and Where to Watch This Telugu Series Online
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »