VERY IMPORTANT

A new Android banking trojan called Sturnus has been identified, featuring advanced capabilities including full device takeover and the ability to bypass encrypted messaging apps. The malware can harvest banking credentials, provide remote control to attackers, and monitor communications on WhatsApp, Telegram, and Signal. Currently in a development phase, Sturnus is targeting financial institutions in Southern and Central Europe. It uses a complex communication protocol with its command-and-control server, employing both WebSocket and HTTP channels. The malware's capabilities include data exfiltration through HTML overlays and keylogging, messaging app monitoring, remote control via VNC, and extensive environment monitoring. Sturnus represents a sophisticated threat to financial security and privacy.