Sturnus Trojan Bypasses Messaging App Security

26 Nov 2025

Sturnus, a newly identified Android banking trojan, can bypass protections of encrypted messaging apps by capturing decrypted messages. This impacts apps such as Signal, Telegram, and WhatsApp.

Malware Techniques and Risks

According to ThreatFabric, Sturnus abuses the Android Accessibility Service to capture on-screen data, effectively sidestepping end-to-end encryption because it reads messages after the app has decrypted them for display. Rather than intercepting network traffic, Sturnus logs activity on the device itself, which allows it to take full control of the device, harvest banking details, and capture message data in real time.

  • Sturnus uses a mix of plaintext, RSA-encrypted, and AES-encrypted communication.
  • Communications are sent to a Matrix Push server.
  • Traditional detections are evaded by blending with normal network traffic.

Preventative Measures

The Cybersecurity and Infrastructure Security Agency (CISA) warns of spyware threats against encrypted messaging apps. Common delivery methods include phishing and zero-click exploits. CISA advises users to enable Google Play Protect, avoid unofficial app stores, and restrict Accessibility permissions.

  • Verify group invitations through separate channels.
  • Be cautious of unexpected authentication prompts.
  • Limit the number of linked devices.
