This new Android trojan is targeting all your mobile bank accounts
Campaign is also expected to get more sophisticated
It’s not just legitimate companies looking to drive profitability through -aaS models, because this new MaaS (malware-as-a-service) subscription is offering cybercriminals the activity to rent access to a trojan that can steal your banking data.
The botnet, named Nexus, was first made available on a forum in January 2023 when it was described as a “very new” project which would be under “continuous development” - although it was available at a cost of $3,000 per month.
However, Italian cybersecurity firm Cleafy now says that it has been around since June 2022, and shares some code similarities with an Android banking trojan that emerged in mid-2021.
Android banking trojan
As part of the MaaS’s code of conduct, users are prohibited from using Nexus in Russia and other CIS states. The code indicates this, as it ignores Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, the Russian Federation, Tajikistan, Uzbekistan, Ukraine, and Indonesia.
It works by stealing passwords from banking apps, and even those secured with two-factor authentication (2FA) aren’t necessarily safe because certain accessibility features that expose SMS and Google Authenticator codes for ease of use can be accessed by the trojan.
Once Nexus is installed on an unsuspecting victim’s device, it connects to a C2 server and provides a C2 web panel for cybercriminals to carry out their attacks and receive stolen data.
Despite its similarities to a previous trojan, researchers have concluded that this represents a new attack operated by a different group. This, combined with its infancy and threat of continuous development, make it one worth keeping an eye on, while online banking customers are urged to ensure that their accounts remain protected by multiple layers.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
- Here are the best endpoint protection tools and best firewalls
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!