Android Malware Sturnus: Why Business Chats Are No Longer Safe

Android malware is evolving rapidly, with the latest threat, Sturnus, bringing significant concern to IT leaders and managed service providers. This banking trojan goes beyond traditional financial theft, now targeting the exfiltration of chat messages from end-to-end encrypted apps such as Signal, WhatsApp, and Telegram. The private messages you assumed were protected may not be as safe as you believed.

Typically, banking malware focuses on financial credentials, yet Sturnus demonstrates a disturbing level of versatility. In addition to credential theft, it stealthily monitors and captures communications from platforms acclaimed for their rigorous encryption standards. For those charged with organisational security, this marks a shift: the threat now encompasses not only financial loss, but also the loss of privacy and control over devices central to business operations.

What sets Sturnus apart is its capacity to extract chat messages from Signal, WhatsApp, and Telegram—an ability previously considered out of reach due to these apps’ strong encryption. The malware also facilitates full remote control of infected devices, granting attackers access to files, keyboard inputs, and even interception of two-factor authentication codes. The danger has expanded well beyond banking details to include internal business communications, sensitive client information, and authentication tokens.

The best defence remains prevention, especially for those managing Android devices or operating within BYOD (Bring Your Own Device) frameworks. Ensure devices are consistently updated and that mobile endpoint patching is treated as a priority. Scrutinise app permissions rigorously—evaluate whether it is truly necessary for staff to access multiple chat platforms on corporate-issued devices. Step up user education on suspicious attachments and unvetted app downloads, since people are often the weakest link in the security chain. No enterprise, regardless of size, should be complacent; consider deploying mobile threat defence tools to provide an additional layer of protection.

Sturnus is a clear reminder that security must reach beyond shielding financial assets to safeguarding digital conversations, which underpin modern business. Compliance-focused organisations especially should note that breaches involving encrypted communications have repercussions extending to reputation and regulatory standing. For all, vigilance, regular patching, and a mobile security strategy that meets today’s dynamic threat landscape are paramount.

Original story: BleepingComputer