Unveiling Nexus: An Android Trojan that Targets Banks and Cryptocurrency Wallets

03/24/2023 13:38 • Metaverse Matters • 139 views

On March 24th, Italian cybersecurity company Cleary discovered an Android Trojan named “Nexus” that can hijack online accounts and steal funds from them, targeting 450 banks and customers of cryptocurrency services worldwide. The Trojan was discovered using Android’s “accessibility service” feature to steal private keys and balance information from cryptocurrency wallets, cookies from target websites, and dual factor authentication (2FA) for Google Authenticator applications. （csoonline）

Android Trojan virus Nexus may steal encrypted private keys

Introduction

On March 24th, 2021, Cleary, an Italian cybersecurity company, discovered a new Android Trojan named Nexus. This virus has the potential to hijack online accounts and steal funds from approximately 450 banks and cryptocurrency service providers globally.

Background on Nexus Trojan

The Nexus Trojan is a highly sophisticated malware that uses Android’s “accessibility service” feature to steal private keys and balance information from cryptocurrency wallets, cookies from target websites, and dual-factor authentication (2FA) for Google Authenticator applications. The creators of this Trojan can use it to manipulate users’ financial data without raising any suspicion.

How the Trojan Works

The Nexus Trojan starts by gaining access to the user’s phone by disguising itself as a legitimate app. Once installed, it automatically gains access to the phone’s accessibility service, which it uses to monitor user activities. The Trojan then waits for the user to log into their online bank account or cryptocurrency wallet. It then captures the user’s information and sends it to a remote server where it is analyzed, with the hackers using the information to access the victim’s account details.

Targets of the Nexus Trojan

Nexus targets around 450 banks and customers of cryptocurrency services globally. Once the malware has infected a user’s device, it silently monitors their online activity, waiting for an opportunity to steal login credentials or other sensitive information.

Impact of the Nexus Trojan

The Nexus Trojan has the potential to cause significant harm to both individuals and businesses. Any individual or company that stores or transacts their financial data using their smartphone or tablet is at risk of becoming a victim of this Trojan. This malware can steal login credentials, personal identification data, and other sensitive financial information. It can also log keystrokes, record phone calls, and send or receive data messages, making the malware creators privy to sensitive organizational data.

How to Prevent Nexus Trojan Attack?

It is vital to follow these strategies to prevent the Nexus Trojan attack:
– Do not download apps from untrustworthy sources.
– Always ensure that your mobile device is running the latest version of the operating system.
– Do not click on links from untrusted or suspicious sources.
– Use antivirus software and keep it up to date.
– Use strong passwords and 2FA authentication for online accounts.

Conclusion

The Nexus Trojan is a highly sophisticated malware that has a vast impact on financial institutions and individuals worldwide. Cybersecurity professionals must work together to strengthen their systems and keep the Nexus Trojan at bay.

FAQs

1. What is Nexus Trojan’s Accessibility Service feature?
The Accessibility Service is a feature of Android OS that enables users with disabilities to more easily interact with their device. It grants apps such as the Nexus Trojan enhanced access permissions.
2. Can the Nexus Trojan infect iPhones?
No. Currently, there is no evidence that the Nexus Trojan affects iPhones or any other Apple devices. It is primarily spread through the Google Play store, and Android devices are the most affected.
3. How can I check if my smartphone has been infected by the Nexus Trojan?
If you suspect that your smartphone has been infected by the Nexus Trojan or any other malware, it is best to seek the help of a reputable cybersecurity firm. Alternatively, you can run a malware scan on your smartphone to detect any malware or Trojan.

This article and pictures are from the Internet and do not represent SipPop's position. If you infringe, please contact us to delete:https://www.sippop.com/7904.htm

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.