Earlier this year, Google announced plans to make sideloading apps significantly harder to do on the best Android phones. However, many Android owners did not welcome this controversial move.
Now though, fans of sideloading apps might want to reconsider thanks to a new malware strain that can bypass encrypted chats in apps like WhatsApp and Signal and targets financial apps. This new banking trojan, dubbed Sturnus, originates in malicious APKs.
How Sturnus works
According to ThreatFabric, Sturnus has been used in attacks in both Southern and Central Europe, which the cybersecurity firm claims suggests preparations for a “broader campaign.”
The malware apparently uses a “chaotic mix” of plaintext, RSA and AES communications, switching unpredictably between them while sending out simple and complex messages.
The researchers suspect the malware may be transmitted via rogue attachments in messaging apps. It propagates by disguising itself as fake versions of Google Chrome and other popular apps. From there, it gains Admin rights on the phone, which enables the malware to prevent itself from being uninstalled and to lock the device.
While Sturnus is designed to get around encrypted conversations, it sends stolen data back to hacker-controlled servers using an encrypted 256-bit AES key.
Sturnus appears to be in its “pre-development” stages, but the researchers say it could be used for advanced attacks right now. Unfortunately, given how dangerous it is, the only way to prevent it at the moment is to avoid downloading APK files online to sideload Android apps.
A Google spokesperson told Android Authority that according to their detection programs, there are no malicious apps in the Play Store which contain Sturnus.
How to stay safe from Android malware
First of all, to avoid falling victim to Sturnus and other Android malware strains, you shouldn’t sideload apps on your devices.
Doing so puts you at serious risk of being plagued by malware, adware, spyware and other threats. Apps found in unofficial third-party app stores or downloaded as APK files don’t go through the same rigorous security checks as they would on the Google Play Store or other first-party stores like the Samsung Galaxy Store.
Beyond not sideloading apps, you also want to make sure that Google Play Protect is enabled on your Android smartphone or tablet. This pre-installed security app scans all of your existing apps and any new ones you download for malware and other threats. However, you should also consider running one of the best Android antivirus apps alongside it for extra protection.
Malicious apps are one of the easiest ways for hackers and other cybercriminals to establish a foothold on your devices. So it’s up to you to carefully vet every app you install. Sticking to official, first-party app stores and limiting the number of apps installed on your phone should keep you relatively safe from Sturnus and other malware strains too.
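One way to check a phone for sideloaded apps, as an added example that is not part of the original article: the script below reads the output of `adb shell pm list packages -i -3` and lists every user-installed app whose installer is not the Google Play Store or the Samsung Galaxy Store. The trusted-installer list, the function names and the sample package listing are assumptions made up for this example.

```shell
#!/bin/sh
# Added example: flag user-installed Android apps that did not come from a
# first-party store. Input is the text printed by `pm list packages -i -3`.

# Installer package names treated as trusted (assumption: extend as needed).
# com.android.vending = Google Play, com.sec.android.app.samsungapps = Galaxy Store
TRUSTED_INSTALLERS="com.android.vending com.sec.android.app.samsungapps"

# Reads a package listing on stdin and prints "<package> <installer>" for
# each app whose installer is missing or not in TRUSTED_INSTALLERS.
flag_sideloaded() {
  tr -d '\r' | awk -v trusted="$TRUSTED_INSTALLERS" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
    /^package:/ {
      pkg = $1; sub(/^package:/, "", pkg)
      inst = "null"                      # no installer recorded
      for (i = 2; i <= NF; i++)
        if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
      if (!(inst in ok)) print pkg, inst
    }'
}

# Constructed sample listing (not real device output), used for the demo run.
sample_listing() {
  cat <<'EOF'
package:com.android.chrome  installer=com.android.vending
package:com.whatsapp  installer=com.android.vending
package:com.example.browser.update  installer=com.google.android.packageinstaller
package:org.example.tool  installer=null
package:com.example.notes  installer=com.sec.android.app.samsungapps
EOF
}

# Runs the check against a device connected over adb (USB debugging enabled).
audit_device() {
  adb shell pm list packages -i -3 | flag_sideloaded
}

if [ "${1:-}" = "--device" ]; then
  audit_device
else
  sample_listing | flag_sideloaded
fi
```

Anything the script prints was installed from outside a first-party store and is worth reviewing or removing; an empty result means every user-installed app came from a trusted installer.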
