Nexus

Nexus is an Android banking trojan. It provides the main capabilities needed for account takeover (ATO) attacks against banking portals and cryptocurrency services, including credential stealing and SMS interception, and ships with a built-in list of injections (overlay templates) targeting 450 financial applications. Although Nexus was promoted as brand-new malware, it has clear links to the SOVA banking trojan, suggesting that its developers adopted and reused earlier code.

Known Variants

Nexus botnet: a modular variant designed for delivering malware and stealing credentials.

Mitigation Strategies

Employ comprehensive endpoint protection solutions to detect and block Nexus payloads. Regularly update software and firmware to eliminate the vulnerabilities that Nexus exploits. Use network segmentation to limit botnet activity and lateral movement. Monitor network traffic for abnormal patterns, especially connections to known malicious C2 servers.

Targeted Industries or Sectors

Primarily targets financial institutions, but is also used in attacks on telecommunications and e-commerce platforms.

Associated Threat Actors

Nexus is linked to cybercriminals involved in botnet monetization and credential theft.

References