New Android Malware “Sturnus” Sidesteps Secure Messaging Protections

by | Nov 26, 2025 | 2025

New Android Malware “Sturnus” Sidesteps Secure Messaging Protections

by | Nov 26, 2025

A newly identified Android malware strain known as Sturnus is raising serious concerns among cybersecurity researchers for its ability to sidestep the privacy protections users rely on in secure messaging apps. Developed as a sophisticated banking trojan, Sturnus goes far beyond the usual credential-stealing behavior seen in mobile malware. According to analysts, its most alarming capability is the way it captures messages from apps such as Signal, WhatsApp, and Telegram—not by breaking encryption, but by intercepting texts at the moment they appear on the screen.

This approach gives attackers a window into conversations that users assume are protected, illustrating a long-standing security truth: once a device itself is compromised, even strong encryption can’t guarantee privacy. Sturnus is also equipped with typical banking-trojan features like device takeover, keylogging, and harvesting authentication data, making it a multipurpose tool for cybercriminal groups.

Early evidence suggests the malware is being delivered through fake app updates, including counterfeit versions of Google Chrome, which trick users into installing it manually. Security experts urge Android users to avoid downloading apps from outside official stores and to remain cautious of unexpected update prompts. As Sturnus continues to evolve, its capabilities highlight the growing risks posed by spyware able to exploit the device rather than the encryption protecting it.

 

 

References:

https://www.threatfabric.com/blogs/sturnus-banking-trojan-bypassing-whatsapp-telegram-and-signal

https://flip.it/3ZBrE8

https://cyberinsider.com/sturnus-android-malware-spies-on-encrypted-signal-whatsapp-chats/

 

________

 

One more thing, at Pfortner, we take communications privacy very seriously. We encrypt email, messaging and network communications to provide our clientele with uncompromised privacy.

If you need to protect sensitive communications, please see www.pfortner.co.za or send an email to info@pfortner.co.za, and we will get back to you.