New Nexus Android Banking Trojan Targeting 450 Financial Apps

The Emergence of Nexus Trojan Threat

Recently, a new Android Trojan threat has emerged that is capable of stealing passwords from almost 450 banking applications. The malware has been named Nexus and has already been injected into the Google Play Store ecosystem. Being distributed using a Malware-as-a-Service (MaaS) model, Nexus poses a serious threat to smartphone users.

The Capabilities of Nexus Trojan

Nexus is designed to operate stealthily and can hide from detection, evade security measures, intercept sensitive data, and steal login credentials, credit card details, and other financial information. It can also intercept both 2FA codes received through text messages and those generated by the Google Authenticator app. Once installed on the device, the trojan can perform overlay attacks on banking apps and steal user’s username and password.

Moreover, it includes keylogger functionality that can capture any passwords entered or autofilled on a user’s phone. The latest version of Nexus has the ability to delete text messages received on the infected device and update itself regularly by pinging a cybercriminal-controlled command-and-control server.

The Distribution Method of Nexus Trojan

Nexus is being distributed through phishing pages disguised as legitimate websites of YouTube Vanced, which is a modified version of YouTube. Once installed, Nexus can drain and steal from bank accounts of victims by performing overlay attacks and using a keylogger to steal passwords. Users are being warned to be cautious of third-party apps, only download apps from official app stores, check app ratings and reviews before downloading them, and research the app and developer before downloading anything.

Protecting Against Nexus Trojan

To stay safe from Nexus or other malicious malware threats, it is advisable to have good antivirus software installed on all devices. Users should also be cautious about third-party apps and always make sure to download apps from official app stores such as Google Play Store. Additionally, users should check app ratings and reviews and research the app and developer before downloading anything.

It is also suggested that users should never download and install apps from unknown sources, never download any apps from third-party app stores, not open any links from text messages, and install antivirus and anti-malware software on their smartphones. Bad apps can still slip through official app stores, so users must be cautious when installing any new app.

Enabling Google Play Protect is also advised to help protect devices from Android malware. Consider installing an Android antivirus app for an additional layer of protection.

Conclusion

In conclusion, Nexus Trojan is a new Android banking trojan capable of targeting almost 450 banking and financial apps. It is being distributed using phishing pages disguised as legitimate websites and can hide from detection once installed on a device. To protect against Nexus and other malicious malware threats, it is recommended to avoid sideloading apps, only use official app stores, enable Google Play Protect feature and install an antivirus software for smartphone devices.

Image Source: Wikimedia Commons