Nexus Android banking trojan targets 450 financial apps

An Android banking trojan named Nexus is being used by multiple threat actors to target 450 financial applications, cybersecurity firm Cleafy has warned.

The malware appears to be in the early stages of development, but it already offers several features for account takeover (ATO) attacks against banking portals and cryptocurrency services, such as credential theft and SMS interception. Nexus, which was advertised to its clientele as a subscription service for a monthly fee of $3,000, overlaps with another banking trojan named SOVA, reusing parts of its source code and incorporating a ransomware module under active development.

There are indications that the malware may have been used in real-world attacks as early as June 2022, six months before its official announcement on darknet portals.

Nexus is capable of reading two-factor authentication codes and performing overlay attacks and keylogging to steal user credentials.

The malware authors have laid out rules prohibiting the use of their malware in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Uzbekistan, Ukraine, and Indonesia.

Bullet points:

  • Nexus, an Android banking trojan, is being used by several threat actors to target 450 financial applications, according to cybersecurity firm Cleafy.
  • The malware is still in its early stages of development, but it offers features to perform account takeover attacks against banking portals and cryptocurrency services.
  • Nexus overlaps with another banking trojan named SOVA and incorporates a ransomware module under active development.
  • The malware may have been used in real-world attacks as early as June 2022, six months before its official announcement on darknet portals.
  • Nexus is capable of stealing user credentials through overlay attacks and keylogging and can read two-factor authentication codes.
  • The malware authors have laid out rules prohibiting the use of their malware in several countries.
