We do a lot of things on our mobile phones these days. This includes work, where we communicate with our colleagues on potentially top-secret information. We also use it for banking purposes, we can trade shares, buy or sell crypto, and more. This is why it is paramount that you keep your phone safe, especially with a newly-discovered Android trojan called Sturnus that is making its rounds .
What makes Sturnus different from other malware
The Sturnus Android trojan represents an evolution in mobile threats . Unlike previous Android banking trojans that intercept network traffic, Sturnus takes a different approach. It takes advantage of Android’s Accessibility Service to log everything visible on your screen. We’re talking about messages from WhatsApp, Telegram, and Signal.
While these messaging apps use end-to-end encryption, Sturnus doesn’t need to break that encryption. Instead, it simply reads messages after they’re displayed on your screen, rendering claims about end-to-end encryption practically useless. The malware can also steal banking credentials through fake HTML overlay screens, record all keyboard input, and even take full remote control of your device through screen streaming.
According to MTI Security researchers , Sturnus remains under development but has already targeted financial institutions across Southern and Central Europe. The trojan monitors SIM changes, tracks app installations, and blocks removal attempts to maintain persistence on infected devices.
How to protect yourself from Sturnus
So, now that you’re aware of Sturnus, how do you protect yourself from it? Luckily, it’s not too hard. Protecting yourself from the Sturnus Android trojan follows the same principles as avoiding other forms of Android malware.
Firstly, only download apps from the Google Play Store. Most malware infections occur when users sideload apps from untrusted sources or fall victim to phishing attempts. This isn’t to say third-party stores are dangerous or the Play Store is 100% malware-free , but it’s often safer than downloading from a suspicious website.
Next, you should be wary of any app requesting Accessibility Service permissions. Unless it’s a legitimate accessibility tool, granting this permission level gives apps extensive control over your device. Last but not least, be sure to keep your phone updated. Manufacturers regularly release security patches that fix vulnerabilities that malware exploits.
