
A new Android trojan could bypass WhatsApp, Signal and Telegram encryption, steal your money: Here's how it works

Posted on: Nov 25, 2025 23:00 IST | Posted by: Livemint

A new type of Android banking trojan has emerged that can bypass encrypted messaging apps like WhatsApp, Telegram and Signal to steal users’ banking credentials. As per security researchers at ThreatFabric, the new trojan, called Sturnus, possesses dangerous abilities even though it is still in its testing phase.

The researchers warn that Sturnus has already been configured with targets against financial institutions across Southern and Central Europe, suggesting that preparations for a broader campaign are underway. The malware is also said to be more advanced than current and more established malware families in areas like communication protocol and device support.

The name “Sturnus” was inspired by Sturnus vulgaris (the European Starling), a medium-sized passerine bird known for its rapid, irregular vocal patterns. Researchers drew the parallel because the malware’s communication protocol switches unpredictably between simple and complex messages, resembling the bird’s rapid, irregular chatter.

How does Sturnus work?

As mentioned earlier, Sturnus possesses the ability to bypass end-to-end encryption on messaging apps like WhatsApp, Signal and Telegram. The malware does not “hack” the encryption protocol itself but instead abuses the Accessibility Services settings on Android.

Sturnus reads the messages directly from the user’s screen after the phone decrypts them. This means it can monitor incoming and outgoing messages in real time and view information like contact lists and full conversation threads.

The researchers say that Sturnus “monitors the foreground app and automatically activates its UI-tree collection whenever the victim opens encrypted messaging services such as WhatsApp, Signal or Telegram.”

Sturnus disguises itself as legitimate apps like “Google Chrome” or “Preemix Box” in order to trick users into installing it.

How does it commit financial fraud?

Researchers explain that Sturnus is designed to commit financial fraud using two primary methods:

1) Fake login screens

Attackers show a fake banking screen on top of the legitimate app. So when the user types their username and password, they are actually giving them to the attackers and not the bank.

2) The “Black Screen” attack

When hackers want to perform a transaction remotely on the victim’s device, they trigger a “Black Screen” overlay where the user’s phone goes dark, making them believe the device is turned off or sleeping. Instead, the hackers operate the phone in the background and drain the funds without the victim realising what is happening.

Sturnus can fight back

The researchers also warned that Sturnus is programmed to stay on the victim’s phone aggressively by using the device’s Administrator privileges to prevent uninstallation.

The malware constantly checks battery levels, sensors and network status to determine if it is being analysed by security researchers. If it thinks it is being watched, it may hide its behaviour.

Moreover, if the user tries to uninstall the app or revoke its permissions in settings, the malware detects this and automatically clicks ‘back’ or closes the window.

“Sturnus maintains extensive situational awareness through a broad environmental monitoring subsystem designed to ensure long-term resilience on the device,” the researchers warned.
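
A defender-side check for the combination described above (a user-installed app holding both an Accessibility Service and Device Administrator rights), as an added example that is not from the article or from ThreatFabric. It parses the output of three adb commands; the sample output, the package names and the `audit` helper are constructed for illustration, and the regex over `dumpsys device_policy` is a heuristic because that layout differs between Android versions.

```python
import re

# Constructed sample output, not captured from a real device.
# adb shell settings get secure enabled_accessibility_services
A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
        "com.example.updater/com.example.updater.A11yService")
# adb shell pm list packages -3   (user-installed packages only)
THIRD_PARTY = "package:com.example.updater\npackage:org.example.notes\n"
# adb shell dumpsys device_policy  (excerpt; layout is an assumption)
DEVICE_POLICY = """Enabled Device Admins (User 0):
  com.example.updater/.AdminReceiver:
    uid=10231
"""

# Anything shaped like package/class is treated as a component name.
COMPONENT = re.compile(r"([A-Za-z][\w.]*)/[\w.$]+")

def a11y_packages(setting):
    """Packages in the colon-separated pkg/class list; 'null' means unset."""
    value = setting.strip()
    if value in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if "/" in c}

def third_party_packages(pm_output):
    prefix = "package:"
    return {line[len(prefix):].strip()
            for line in pm_output.splitlines() if line.startswith(prefix)}

def admin_packages(dumpsys_text):
    return {m.group(1) for m in COMPONENT.finditer(dumpsys_text)}

def audit(setting, pm_output, dumpsys_text, allowlist=frozenset()):
    """Map each user-installed accessibility holder to the rights it has."""
    holders = a11y_packages(setting) & third_party_packages(pm_output)
    admins = admin_packages(dumpsys_text)
    findings = {}
    for pkg in sorted(holders - set(allowlist)):
        # Accessibility plus device admin is the pairing the article describes.
        findings[pkg] = ("accessibility+device-admin" if pkg in admins
                         else "accessibility")
    return findings

if __name__ == "__main__":
    for pkg, rights in audit(A11Y, THIRD_PARTY, DEVICE_POLICY).items():
        print(f"review {pkg}: {rights}")
```

Pass known-good tools (a password manager, a screen reader installed from the store) in `allowlist` so that only unexpected holders are reported.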
