A new Android banking trojan called “Nexus” has emerged, and it has already started targeting banking apps in several countries. According to researchers from the cybersecurity firm Check Point, the trojan is designed to steal sensitive information such as banking credentials, credit card details, and personal data. The trojan uses a variety of techniques to evade detection, including encrypting its communication with the command and control (C&C) server, disguising its malicious activity as legitimate processes, and using an advanced rootkit to hide its presence on the infected device. Nexus is distributed via various methods, including phishing emails, malicious websites, and third-party app stores. Once installed, it can intercept incoming SMS messages to bypass two-factor authentication (2FA) and gain access to the victim’s banking app. The researchers have identified Nexus infections in several countries, including Brazil, Mexico, Turkey, and India. They believe that the trojan is still in the early stages of development and could be more widely distributed in the future.
To protect against Nexus and other Android banking trojans, users should only download apps from official app stores, keep their devices up to date with the latest security patches, and be cautious of suspicious emails and websites. Additionally, users should enable 2FA wherever possible to add an extra layer of security.