Nexus Trojan started actively stealing money from banking apps of Android smartphone owners by imitating a useful app. In this respect single radar said experts from Cleafy company specializing in cybersecurity.
Using data samples from underground forums, the researchers found that the malware was now optimized to work offline. Its activity is associated with the opportunity to purchase a ready-made solution for $ 3,000 (231,000 rubles at the current exchange rate).
“Nexus enters an Android device by pretending to be a legitimate app in third-party Android app stores, not Google Play. Once the device is infected, victims become part of the hacker-controlled botnet,” said one of the Cleafy experts.
Nexus is a powerful malware that can steal two-factor authentication codes from text messages and information from the Google Authenticator app.
Thus, the Trojan is used to steal data from banking apps and then hack into them and steal money from victims. “The Nexus interface supports remote injection of approximately 450 realistic-looking login pages in a banking app for identity theft,” Cleafy added.
Dmitry Galov, former cybersecurity expert at Kaspersky Lab He told socialbites.cathat an unscrupulous specialist in an uncertified service center can infect a customer’s Android smartphone during repairs.