This new Android malware is scary – it steals banking info and records your screen in secret (Updated)

A newly discovered Trojan called Sturnus can capture your decrypted messages, fake your banking login screens, and more.

UPDATE: A Google spokesperson has reached out to us to address the situation. See the company's statement below. 


The original story continues below. 

A newly identified piece of Android malware poses a serious risk to Android phones. The Trojan focuses on stealing banking information and can capture messages from encrypted platforms like WhatsApp and Signal without the user realizing it.

New Android malware found that can steal banking information 


ThreatFabric reports a new Android banking trojan dubbed Sturnus. It has been identified by MTI Security researchers as highly capable malware that can even achieve device takeover.


Unfortunately, the malware seems capable of bypassing message encryption. It reportedly does so by capturing content from the device's screen after the messages have been decrypted by apps like WhatsApp, Signal, and Telegram. So no, it's not breaking the encryption; it's simply recording the decrypted content from the phone's screen.

What's even creepier is that Sturnus can steal login credentials for banking apps. It reportedly does so by displaying fake but convincing login windows. When you enter your credentials on what looks like the login screen of your banking app, they are sent to the attackers behind the malware.


It's also been found that the malware gives attackers significant remote control capabilities. They can observe your activity, push text to the device, and, on top of it all, black out the device screen while they carry out fraudulent transactions.

Luckily, Sturnus has not been deployed at full scale just yet. Reportedly, the malware is currently in development or, probably, in testing. Some targeted attacks have reportedly been made in Southern and Central Europe.

The publication notes that although the spread is limited at the moment, there are hints that the attackers may be planning a broader attack once their tool is refined.

However, the fact that we are hearing about it is generally good news. Sturnus has been identified now, and it's highly likely that Google is already working on bumping up Android's defenses against it. 


How to make sure you've done everything you can to protect yourself


First, make sure your phone only installs apps from Google Play or another trusted store. Most malware sneaks in through random APKs or shady links, so avoiding those already cuts a huge part of the risk. 

It also helps to regularly check which apps have access to things like your screen, accessibility settings, or notifications – if something looks off, remove it right away.

Also, turn on two-factor authentication for your banking apps and Google account. Even if someone somehow gets your password, they won't be able to log in without the second step. 

Keep your phone updated too, because Google pushes security fixes all the time, and potentially, it's going to send an update that addresses this malware as well. And as boring as it sounds, don't tap on weird links in texts, emails, or random websites. It saves you a lot of trouble, trust me (or trust my mom). 
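The first two checks above (trusted install source, and which apps hold accessibility or notification access) can be run from a computer over adb. This is an added example, not part of the original article; the sample data is constructed, and the `adb` output formats, the `--device` switch and the trusted-installer list are assumptions. It does not cover screen-capture permission.

```shell
#!/bin/sh
# Added example: list apps holding accessibility or notification access that
# were not installed by a trusted store.
TRUSTED_INSTALLERS="com.android.vending"   # assumption: Google Play only

# Constructed sample input, in the formats assumed for:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i      (third-party apps + installer)
SAMPLE_SERVICES='com.google.android.marvin.talkback/.TalkBackService:com.example.flashlight/.HelperService:com.example.notes/.ReaderService'
SAMPLE_PACKAGES='package:com.example.flashlight  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.bank  installer=com.android.vending'

# "pkg/Class:pkg/Class" -> unique package names, one per line
components_to_packages() {
    printf '%s\n' "$1" | tr ':' '\n' | sed -e 's#/.*##' -e '/^$/d' -e '/^null$/d' | sort -u
}

# installer_of PACKAGE PM_OUTPUT -> installer, or empty if not a third-party app
installer_of() {
    printf '%s\n' "$2" |
        awk -v p="package:$1" '$1 == p { sub(/^installer=/, "", $2); print $2 }'
}

# flag_untrusted SERVICES PM_OUTPUT -> "pkg (installer=X)" per suspicious app
flag_untrusted() {
    for pkg in $(components_to_packages "$1"); do
        inst=$(installer_of "$pkg" "$2")
        [ -n "$inst" ] || continue            # preinstalled/system app: skip
        case " $TRUSTED_INSTALLERS " in
            *" $inst "*) ;;                   # came from a trusted store
            *) printf '%s (installer=%s)\n' "$pkg" "$inst" ;;
        esac
    done
}

if [ "${1:-}" = "--device" ]; then            # audit a phone attached over adb
    pkgs=$(adb shell pm list packages -3 -i | tr -d '\r')
    for key in enabled_accessibility_services enabled_notification_listeners; do
        echo "== $key =="
        flag_untrusted "$(adb shell settings get secure "$key" | tr -d '\r')" "$pkgs"
    done
else                                          # offline demo on the sample data
    flag_untrusted "$SAMPLE_SERVICES" "$SAMPLE_PACKAGES"
fi
```

Anything it prints is a third-party app with sensitive access that did not come from a trusted store; review it in Settings and uninstall it if you do not recognize it.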

Malware like this is scary, but not worth panicking over


Malware like Sturnus always sounds terrifying at first, but honestly, most people who follow basic security habits will be fine. Malware usually targets users who install random apps or ignore warnings, not someone who just uses their phone normally and keeps it updated. 

So yeah, it's creepy, but it's also something you can stay safe from with a bit of care.

Personally, I just use the simple rules: official apps only, no mystery links, everything important locked with 2FA. And the good thing is that Google reacts pretty fast to new threats like this one. So while it's good to stay alert, I wouldn't lose sleep over it – just tighten your settings a bit and go on with your day.