Nexus: The new Android virus steals your banking data

Cybercriminals are increasingly turning to mobile devices to commit illicit activities, especially Android smartphones and tablets, which are increasingly vulnerable to banking malware. The latest addition to this category is Nexus, a particularly dangerous Android trojan that hides inside third-party YouTube apps. Let's see in detail what it is and how to avoid it.

Nexus is an Android virus that accesses your banking data

This banking malware was discovered by cybersecurity firm Cleafy and Cyble Research and Intelligence Labs (CRIL) in June 2022. Nexus is distributed via phishing sites that pretend to be legitimate sites for YouTube Advanced, a third-party app for YouTube that hasn't been developed for a long time.

Once installed on your device, Nexus connects to the command and control (C2) server that the cybercriminals use to control the malware, launch attacks, and receive stolen data. Nexus can easily access all of the user's bank details.

This banking trojan can perform overlay attacks, i.e. replicate a legitimate interface to trick the user into entering their credentials, and uses keylogging to log the characters typed on the keyboard. Furthermore, the malware can steal SMS messages to gain access to two-factor authentication codes, and it can abuse accessibility services to steal information from cryptocurrency wallets, two-factor verification codes generated by Google Authenticator, and website cookies.

Nexus is currently in a beta stage, but it is widely advertised on hacker sites and can be rented easily for around $3000 a month. The developer of Nexus appears to be from a CIS (Commonwealth of Independent States) country and has banned the use of the trojan in several countries including Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, the Russian Federation, Tajikistan, Uzbekistan, Ukraine and Indonesia.

To protect yourself from this and any other trojan, the advice is always the same: download applications only from the Google Play Store and, even then, verify their origin, avoiding apps from unknown developers or with few reviews. It is also good practice to enable Google Play Protect and to use biometric security features where possible.

Edoardo D'Amato
XiaomiToday.it