Several cyber criminals are already using a newly discovered Android banking trojan, dubbed Nexus, to penetrate 450 financial applications and steal data.
The malware was identified by analysts at the Italian cybersecurity firm Cleafy, who affirmed that it is still in its early development stages.
However, it is already equipped with all the main features needed to conduct account takeover (ATO) attacks against banking portals and cryptocurrency service providers.
Price tag or fee
Earlier this month, cybersecurity firm Cyble documented the emergence of this new malware in several hacking forums. The cyber criminals behind the malware advertised it to potential clients as a subscription service with a monthly fee of $3,000.
Moreover, it appears to incorporate a ransomware module that is under active development, and it reuses parts of another banking trojan named SOVA.
Countries excluded
It is interesting to note that the Nexus authors have clearly specified that their malware will not be used in any of the following countries:
- Azerbaijan
- Armenia
- Belarus
- Kazakhstan
- Kyrgyzstan
- Moldova
- Russia
- Tajikistan
- Uzbekistan
- Ukraine
- Indonesia
Apart from this, the malware can abuse Android's accessibility service to read 2FA codes from SMS messages and the Google Authenticator app.
Here is a list of some updated and new functionalities that have been added:
- Delete received SMS messages
- Activate or stop the 2FA stealer module
- Ping a C2 server periodically to update itself
Without a VNC module, Nexus' range of action and capabilities are currently limited. Based on the infection rate determined from multiple C2 panels, however, Nexus is a threat that can infect hundreds of devices globally.
Author: Guru