Find notable cyber news and cases, enriched with sources, timelines, and signals.

Sturnus Android banking trojan with credential theft and device takeover

Malware Activity
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

A new Android banking trojan called Sturnus has been disclosed with credential theft and full device takeover capabilities, raising fraud risk for mobile banking users. It can bypass encrypted messaging by capturing decrypted screen content from WhatsApp, Telegram, and Signal. The malware uses fake banking overlays, accessibility abuse, and remote-control channels to harvest credentials and manipulate infected devices. It is privately operated, currently in an evaluation stage, and is being used against financial institutions across Southern and Central Europe.

Related Happenings

RedWing Android spyware rented through Telegram

Malware Activity
H score21 First: 08.07.2026 18:30 Last: 08.07.2026 18:30 Sources 1

About this happening: The **RedWing** Android spyware operation is being rented through **Telegram**, lowering the barrier for criminals to hijack phones and steal **banking credentials**. The malware...

MacOS.Gaslight Rust infostealer-backdoor with Telegram Bot API channel

Malware Activity
H score30 First: 24.06.2026 17:00 Last: 24.06.2026 17:00 Sources 1

About this happening: Researchers identified **macOS.Gaslight**, a **North Korea-linked** **Rust** infostealer-backdoor that can steal **Chrome, Brave, Firefox and Safari** data, terminal histories, in...

Rokarolla Android banking trojan activity

Malware Activity
H score26 First: 16.06.2026 16:15 Last: 16.06.2026 16:15 Sources 1

About this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...

Google rolls out Android fake call detection against AI impersonation scam calls

Security Tool/Service
H score20 First: 03.06.2026 12:02 Last: 03.06.2026 12:02 Sources 1

About this happening: **Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
H score25 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...

Timeline

  1. 20.11.2025 13:04 2 articles · 7mo ago

    Sturnus Android banking trojan identified

    Initial Disclosure

    Sturnus is a new Android banking trojan that performs credential theft and full device takeover, can capture decrypted screen content from WhatsApp, Telegram, and Signal, uses fake banking overlays and Android accessibility abuse to harvest credentials and manipulate the device, and is aimed at financial institutions across Southern and Central Europe.

    Show sources