Security News > 2023 > March > Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud.
"Nexus provides all the main features to perform ATO attacks against banking portals and cryptocurrency services, such as credentials stealing and SMS interception."
It's also said to overlap with another banking trojan dubbed SOVA, reusing parts of its source code and incorporating a ransomware module that appears to be under active development.
A point worth mentioning here is that Nexus is the same malware that Cleafy initially classified as a new variant of SOVA in August 2022.
Interestingly, the Nexus authors have laid out explicit rules that prohibit the use of its malware in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Uzbekistan, Ukraine, and Indonesia.
The malware, like other banking trojans, contains features to take over accounts related to banking and cryptocurrency services by performing overlay attacks and keylogging to steal users' credentials.
News URL
https://thehackernews.com/2023/03/nexus-new-rising-android-banking-trojan.html
Related news
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)
- India's banking on the bank.in domain cleaning up its financial services sector (source)
- New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades (source)
- Android financial threats: What businesses need to know to protect themselves and their customers (source)