Main Technology New Sturnus Android trojan found — how to protect your data

New Sturnus Android trojan found — how to protect your data

29 November 2025 21:02
A smartphone in hand. Photo: Unsplash
Lana Matias
Editor

A new type of Android malware has been detected in Europe that can secretly monitor encrypted chats and steal data from banking applications. Users who install apps from APK files outside Google Play become vulnerable.

This is reported by Android Authority.

What is known about Sturnus and Google’s position

Researchers have discovered a new Android trojan, Sturnus, which abuses the accessibility system and gains extended permissions to view everything that happens on the smartphone screen. It does not break messenger encryption directly — instead, it simply "sees" the screen content, including conversations in WhatsApp, Telegram, Signal, and other applications.

The malware enters the device through the installation of an APK file, after which it begins tracking the interface, conversations, and even button presses. Particularly dangerous is its ability to recreate the screens of banking apps using HTML overlays: the user believes they are entering their login and password into the real app, while in reality transferring them to the attackers. It can also display fake "Android update" windows, covering the real interface and masking its activity.

Masking of the Sturnus trojan on Android. Photo: ThreatFabric

Google stated that no known sample of this malware has been detected in Google Play. According to company representatives, Android users are automatically protected from known versions of Sturnus thanks to Google Play Protect, which is enabled by default on devices with Google Play Services.

Can you protect yourself from Sturnus

According to researchers, even in its "pre-release" state, Sturnus is already complex and flexible enough to be used as a powerful tool for attacks on banking services and Android users. The problem is that the main attack vector — installing APK files outside the official store — cannot be fully blocked if the user agrees to such actions.

Experts acknowledge that there is currently no reliable way to fully prevent such attacks. The most effective protection is to avoid downloading and installing APK files from third-party websites and unknown sources as much as possible.

Read more:

Unlock every AirPods feature on your Android — here's how

Why you should restart your smartphone at least once a week

Stop wasting your Android's power — try these hidden tools