Great Moto G Stylus deal on Amazon!

Fans of third-party YouTube apps should watch out for Nexus banking malware

By
2comments
Android Apps
Fans of third-party YouTube apps should watch out for Nexus banking malware
A new Android banking trojan called Nexus has been discovered by Cyble Research and Intelligence Labs (CRIL) and cybersecurity firm Cleafy (via Tom's Guide).

It first appeared in June last year and is now being openly advertised by its creators on hacker forums to increase its reach. Nexus' primary targets are 450 banking and cryptocurrency apps. 

It's being distributed through phishing websites posing as legitimate websites of YouTube Vanced, a discontinued third-party YouTube app. It uses all the tricks in the books to gain your banking info and take over your financial accounts.

Nexus asks for 50 permissions and abuses at least 14 of them


It is capable of performing overlay attacks, i.e. replicating a legitimate interface to trick you into entering your credentials, and uses keylogging to record your keystrokes. It can even steal SMS messages to get access to two-factor authentication codes and can abuse Accessibility Services to steal information from crypto wallets, 2-Step Verification codes generated by Google Authenticator, and website cookies. The trojan can also delete messages received by you.

After it's installed on a device, Nexus connects to its command-and-control (C2) server. C2s are used by cybercriminals to control malware, launch attacks, and receive stolen data.

Nexus is said to be in the beta stage but it's already being used by many threat actors to carry out nefarious activities. Cybercriminals who do not know how to make their own malware can rent it for $3,000 a month.


It looks like the developer is from a CIS (Commonwealth of Independent States) country and has prohibited the trojan's use in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russian Federation, Tajikistan, Uzbekistan, Ukraine, and Indonesia.

Nexus is capable of updating itself and Cleafy thinks it is a real threat and can infect hundreds of Android devices in the world.

To protect yourself from infections, try to only download apps from Google Play and enable Google Play Protect. Use strong passwords and enable biometric security features where possible and be very careful when granting permissions.
https://m-cdn.phonearena.com/images/users/270-200/Anam.jpg
Anam Hamid Mobile Tech News and Deals Journalist
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.

Recommended Stories

Loading Comments...

Popular stories

Even longtime T-Mobile customers will have to put up with slow internet speed policy
Even longtime T-Mobile customers will have to put up with slow internet speed policy
Walmart's hot deal on the JBL Xtreme 3 gives you maximum sound at a bargain price
Walmart's hot deal on the JBL Xtreme 3 gives you maximum sound at a bargain price
iPhone users warned to disable iMessage temporarily to avoid getting hacked
iPhone users warned to disable iMessage temporarily to avoid getting hacked
T-Mobile issues unsatisfying statement about employees receiving SIM swap offers
T-Mobile issues unsatisfying statement about employees receiving SIM swap offers
The Galaxy Tab S8 Ultra is a dream come true after a hefty $400 discount at Best Buy
The Galaxy Tab S8 Ultra is a dream come true after a hefty $400 discount at Best Buy
Text message from AT&T about a free device offer may look like a scam or spam but it is legitimate
Text message from AT&T about a free device offer may look like a scam or spam but it is legitimate

Latest News

T-Mobile confirms major 5G network upgrades in Louisiana
T-Mobile confirms major 5G network upgrades in Louisiana
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Apple needs a $250 iPhone to boost sales but it doesn't want to make "stripped-down, lousy products"
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Grab the smaller-sized Galaxy Watch 6 at bargain prices through Amazon's deal
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
Galaxy S21 and S22 owners facing green line issue will get free screen replacement in one country
AT&T's first kid-friendly tablet is here with a fun design and great price
AT&T's first kid-friendly tablet is here with a fun design and great price
LeBron James may have leaked Apple's next big Beats product
LeBron James may have leaked Apple's next big Beats product
FCC OKs Cingular\'s purchase of AT&T Wireless