Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps

2023-03-23 11:55

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud.

"Nexus provides all the main features to perform ATO attacks against banking portals and cryptocurrency services, such as credentials stealing and SMS interception."

It's also said to overlap with another banking trojan dubbed SOVA, reusing parts of its source code and incorporating a ransomware module that appears to be under active development.

A point worth mentioning here is that Nexus is the same malware that Cleafy initially classified as a new variant of SOVA in August 2022.

Interestingly, the Nexus authors have laid out explicit rules that prohibit the use of its malware in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Uzbekistan, Ukraine, and Indonesia.

The malware, like other banking trojans, contains features to take over accounts related to banking and cryptocurrency services by performing overlay attacks and keylogging to steal users' credentials.

News URL

https://thehackernews.com/2023/03/nexus-new-rising-android-banking-trojan.html

#android #banking #financial #nexus #trojan

News URL

Related news