This new Android trojan is targeting all your mobile bank accounts

Campaign is also expected to get more sophisticated

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

It’s not just legitimate companies looking to drive profitability through -aaS models, because this new MaaS (malware-as-a-service) subscription is offering cybercriminals the activity to rent access to a trojan that can steal your banking data.

The botnet, named Nexus, was first made available on a forum in January 2023 when it was described as a “very new” project which would be under “continuous development” - although it was available at a cost of $3,000 per month.

However, Italian cybersecurity firmCleafynow says that it has been around since June 2022, and shares some code similarities with an Android banking trojan that emerged in mid-2021.

Android banking trojan

As part of the MaaS’s code of conduct, users are prohibited from using Nexus in Russia and other CIS states. The code indicates this, as it ignores Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, the Russian Federation, Tajikistan, Uzbekistan, Ukraine, and Indonesia.

These are the best ID theft protection tools around>The FakeCalls Android banking scam is back>This sneaky credit card stealer hides within payment processors to avoid security scans

It works by stealing passwords from banking apps, and even those secured with two-factor authentication (2FA) aren’t necessarily safe because certain accessibility features that expose SMS andGoogleAuthenticator codes for ease of use can be accessed by the trojan.

Once Nexus is installed on an unsuspecting victim’s device, it connects to a C2 server and provides a C2 web panel for cybercriminals to carry out their attacks and receive stolen data.

Despite its similarities to a previous trojan, researchers have concluded that this represents a new attack operated by a different group. This, combined with its infancy and threat of continuous development, make it one worth keeping an eye on, while online banking customers are urged to ensure that their accounts remain protected by multiple layers.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

TP-Link Archer BE3600 Wi-Fi 7 Router review

Ulefone Armor Pad 3 Pro rugged tablet review

Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report