486/68 Tuesday, November 25, 2025

Cybersecurity researchers from ThreatFabric have announced the discovery of a new and highly sophisticated Android malware variant named “Sturnus” on November 20, 2025. It is classified as a high-risk threat due to its advanced capabilities, which surpass those of typical malware. The most alarming feature is its ability to completely bypass end-to-end encryption protections used by popular messaging apps such as WhatsApp, Telegram, and Signal. Sturnus achieves this by abusing the Accessibility Service to read chat messages directly from the device screen after they have been decrypted by the app, allowing attackers to view conversations in real time.
Beyond spying on private communications, Sturnus is designed to function as a full-scale Banking Trojan. It uses fake overlay screens to impersonate legitimate banking apps and steal login credentials, and employs keylogging to capture keystrokes, including device unlock PINs. One of the malware’s most dangerous abilities is remote control: it can turn the victim’s screen black to hide its activity while the attacker silently performs unauthorized financial transactions in the background.
Sturnus currently spreads through social engineering attacks, including phishing emails, SMS-based smishing, and malicious APK droppers that trick victims into installing apps from outside the Google Play Store. Once installed, the malware embeds itself deeply into the system by granting itself Device Administrator privileges, making removal or uninstallation extremely difficult. Although its initial targets are financial institutions in Europe, experts warn that Sturnus, combined with its sophisticated C2 communication and evasion capabilities, is fully equipped to expand its operations globally at any time.
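A defender-side audit for the combination described above, an enabled Accessibility Service that belongs to an app installed from outside Google Play, as an added example that is not from ThreatFabric or the source article. It assumes the input strings were collected with `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`; the package names in the sample are constructed.

```python
import re

# Assumption: Google Play is the only trusted installer; extend per fleet policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_i_output):
    """Map package -> installer from `pm list packages -i` (None if sideloaded)."""
    installers = {}
    for line in pm_i_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def parse_accessibility(setting):
    """Return packages owning enabled services ('pkg/Class:pkg/Class' or 'null')."""
    setting = setting.strip()
    if not setting or setting == "null":
        return []
    return [comp.split("/", 1)[0] for comp in setting.split(":") if comp]

def parse_system_packages(pm_s_output):
    """Pre-installed packages also report installer=null, so collect them to exclude."""
    return {l.strip()[len("package:"):] for l in pm_s_output.splitlines()
            if l.strip().startswith("package:")}

def flag_risky(setting, pm_i_output, pm_s_output=""):
    """List (package, installer) pairs that hold accessibility access but did not
    come from a trusted installer and are not part of the system image."""
    installers = parse_installers(pm_i_output)
    system = parse_system_packages(pm_s_output)
    findings = []
    for pkg in sorted(set(parse_accessibility(setting))):
        source = installers.get(pkg)
        if source not in TRUSTED_INSTALLERS and pkg not in system:
            findings.append((pkg, source or "unknown/sideloaded"))
    return findings

# Constructed sample data (not taken from any real device or from the malware).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.updater/com.example.updater.CoreService")
SAMPLE_PM_I = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.whatsapp  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg, source in flag_risky(SAMPLE_A11Y, SAMPLE_PM_I):
        print(f"review: {pkg} has accessibility access, installer={source}")
```

A flagged package is a lead for review rather than a verdict; legitimate sideloaded assistive tools will appear in the same list.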
Source: https://hackread.com/sturnus-android-malware-whatsapp-telegram-signal-chats/
