Security News > 2023 > March > Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps
An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud.
"Nexus provides all the main features to perform ATO attacks against banking portals and cryptocurrency services, such as credentials stealing and SMS interception."
It's also said to overlap with another banking trojan dubbed SOVA, reusing parts of its source code and incorporating a ransomware module that appears to be under active development.
A point worth mentioning here is that Nexus is the same malware that Cleafy initially classified as a new variant of SOVA in August 2022.
Interestingly, the Nexus authors have laid out explicit rules that prohibit the use of its malware in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Uzbekistan, Ukraine, and Indonesia.
The malware, like other banking trojans, contains features to take over accounts related to banking and cryptocurrency services by performing overlay attacks and keylogging to steal users' credentials.
News URL
https://thehackernews.com/2023/03/nexus-new-rising-android-banking-trojan.html
Related news
- PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users (source)
- Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (source)
- New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks (source)