New Banking Trojan Puts Android Users at Risk
Security experts have uncovered a dangerous new banking trojan called Sturnus that is targeting Android smartphone users across India. This sophisticated malware disguises itself within fake applications and poses a significant threat to personal and financial data.
The discovery was announced on November 26, 2025, highlighting the growing sophistication of mobile cyber threats in the region. Indian Android users need to be particularly vigilant as this malware demonstrates advanced capabilities beyond typical banking trojans.
How Sturnus Malware Operates
Sturnus malware infiltrates devices through seemingly legitimate applications that users download from unofficial sources. Once installed, the trojan operates silently in the background, gathering sensitive information without the user's knowledge.
The malware has demonstrated the ability to record messages received on popular messaging platforms including WhatsApp, Telegram, and even Signal, which is known for its strong encryption protocols. This represents a significant escalation in mobile surveillance capabilities available to cybercriminals.
Beyond message monitoring, Sturnus secretly tracks financial applications to steal bank account credentials. The trojan can capture login information, transaction details, and other sensitive banking data that could lead to substantial financial losses for victims.
Protection and Prevention Measures
Security analysts recommend that Android users take immediate precautions to protect their devices and personal information. The most critical step is to download applications only from official sources like the Google Play Store and avoid third-party app markets.
Users should also regularly update their Android operating systems and applications to ensure they have the latest security patches. Being cautious about app permissions and monitoring for unusual device behavior can provide additional protection against such threats.
Security experts emphasize that the detection of Sturnus on November 26, 2025 serves as a timely reminder for all mobile users to review their security practices, especially when handling financial transactions and sensitive communications through messaging apps.
