Sturnus : The Android Trojan That Reads Encrypted Messages and Steals Money – InfoCons – Consumer Protection in Cybersecurity
What it is, how it works, and why it matters for digital security
How the Sturnus attack works
Sturnus is an advanced Android banking trojan capable of:
- hiding inside a malicious APK
- capturing conversations from WhatsApp, Signal, and Telegram
- taking full control of the device
InfoCons Consumers Protection Informs You – Ultra-Processed Foods and Their Effects : Prevention Starts with Informed Consumers – InfoCons Consumer Protection
How it “reads” encrypted messages
Sturnus does not break encryption. Instead, it:
- abuses Android Accessibility Services
- reads text directly from the screen after the app decrypts it
- collects conversations, contact names, and messages in real time
Sturnus – Stealing banking data with precision
It uses HTML overlays (fake interfaces) to:
- display counterfeit banking login screens
- collect usernames and passwords
- execute transactions without the user noticing
InfoCons Consumers Protection Informs You – Over 700 Alerts in 2025 for risky and counterfeit toys in the InfoCons Consumer Protection App ! Safe Products , Confident Consumers !
How the Sturnus Android trojan is installed
It is typically distributed via:
- APK files disguised as Google Chrome or other legitimate apps
- possible malvertising campaigns or direct messages promising something “cool”
Signed : Women4Cyber ROMANIA