Android Malware Alert: Nexus Trojan Drains Your Bank Account!

It was the CRIL laboratory, for Cyble Research and Intelligence Labs, which discovered this new virus circulating on the Net. In an article dated March 9experts detail how a new trojan, Nexus Android Banking, infects devices with the aim of recovering banking data as well as access to online accounts.

Banks targeted

Researchers discovered this malware very simply. On a Russian hacking forum, an advertisement was posted for a new trojan project compatible with Android, up to version 13. Like most banking malware, this tool is distributed as “malware-as-a-Service”, that is, the hacker pays for access to the trojan. Here, for $3,000/month, you can afford Nexus access. It’s up to you to cover your costs…

Once deployed, Nexus attacks the infected device with the Overlay Attacks method. This is a process where the hacker pops an interface on top of a healthy Android app. The infected UI will then trap the user, in particular by recovering the information entered on the screen. The data is then connected and sent to the hacker via a remote server.

Nexus Android malware targets 450 financial applications. Read the #technews here: https://t.co/OJ7aq9a5g6 #android #banking #cybersecurity #fintech #malware

— TechRepublic (@TechRepublic) March 30, 2023

For information, these so-called “Overlay” attacks only concern Android smartphones, using the SYSTEM_ALERT_WINDOWS OS permission, activated by default if an application is downloaded via the Play Store. A perfect system for stealing bank data.

A trojan that does not target certain countries

Surprisingly, the Nexus trojan does not attack all countries. Thus, the Italian experts from Cleafy, a cybersecurity company that carried out an investigation into this virus, discovered an astonishing fact. The executable contains geographical constraints. The malware will thus ignore Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russian Federation, Tajikistan, Uzbekistan, Ukraine and Indonesia. A very selective trojan then!

We repeat it once again: malware of all kinds circulates a lot on the Web and your smartphone is a target of choice! Be careful in your downloads, equip yourself with an antivirus and control the URLs on which you click!