Android
Info Stealing
Nexus is an Android banking trojan that launched in 2023 and steals user accounts and money from banking and cryptocurrency services. It operates as a Malware-as-a-Service (MaaS) where cybercriminals can subscribe and use the platform for account takeover (ATO) attacks. Nexus shares code with the older SOVA banking trojan.
Because Nexus is offered as a subscription platform for malicious campaigns, it lowers the entry barrier for threat actors and allows the trojan to spread to more targets. Subscribers get a user-friendly interface and regular updates meant to make the malware more effective and extend its reach.
Technical Features
The trojan can intercept SMS messages, steal login credentials, and bypass 2FA. By abusing Android’s accessibility services, Nexus can overlay fake login screens on legitimate banking apps and trick users into giving away sensitive info. It can also intercept one-time passwords (OTPs) sent via SMS, giving attackers access to victims’ accounts.
Distribution and Impact
Nexus has hit over 450 financial apps worldwide, including banking and cryptocurrency services. Its reach and features pose a big risk to individual users and financial institutions. Because the trojan can bypass security and perform unauthorized transactions, mobile security should be taken seriously.
Mitigation
Install apps only from official sources like Google Play Store to reduce the risk of malware.
Update your device’s OS and apps regularly.
Don’t click on links or download attachments from unknown sources.
Use mobile security apps.