Nexus Android Malware targets customers of 450 financial institutions worldwide


The recently evolved version of Nexus has targeted more than 450 banks and cryptocurrency services. Multiple threat actors have already been found using Nexus to conduct fraudulent campaigns.

About the malware:

Italian cybersecurity firm Cleafy has found that “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, is targeting customers of 450 banks and cryptocurrency services worldwide.

The Nexus banking trojan was first discovered in an advertisement on a Russian cybercrime forum, which described it as a new project compatible with Android versions up to Android 13.

Like other banking trojans, it is distributed under a Malware-as-a-Service model in which hackers pay other hackers for access to the malware.

Nexus steals from and drains victims' bank accounts by performing overlay attacks. For those unfamiliar, these attacks involve placing an overlay, or fake version, on top of a legitimate banking app. Victims log in to their accounts as they normally do, but the overlay captures their username and password. Nexus also includes a keylogger to steal any passwords a user may type in or autofill on their phone.

In January 2023, Cleafy researchers spotted the malware – now more sophisticated – appearing on several hacking forums under the name Nexus.

How to stay safe from Android malware

  • When it comes to the Nexus banking trojan and other Android malware, the first way to protect your devices and the data they contain is to avoid sideloading apps. While it may be convenient to install an app without going through an official app store like the Google Play Store, doing so puts you at risk because you have no idea what its APK installation file may actually contain.
  • Even if you only download apps from official sources, there is still a chance that you may accidentally install a malicious app. Bad apps slip through the cracks from time to time, which is why you should always be careful when installing any new app.

IOCs

IoC | Description
d4c6871dbd078685cb138a499113d280 | MD5 of Nexus
193.42.32[.]87 | C2
193.42.32[.]84 | C2
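
To check your own logs against the indicators listed above, the following added example (not from Cleafy or the original post) refangs the values and matches them only as whole addresses or whole digests. The log lines and their field layout are constructed for illustration.

```python
import ipaddress
import re

# Indicators from the IOC table on this page; IPs are defanged with "[.]".
NEXUS_IOCS = {
    "d4c6871dbd078685cb138a499113d280": "MD5 of Nexus",
    "193.42.32[.]87": "C2",
    "193.42.32[.]84": "C2",
}

def refang(indicator):
    """Undo defanging so the value can be compared with raw log data."""
    return indicator.replace("[.]", ".").replace("(.)", ".")

def build_matchers(iocs):
    """Compile one boundary-aware regex per indicator."""
    matchers = []
    for raw, description in iocs.items():
        value = refang(raw).lower()
        try:
            ipaddress.ip_address(value)
            # Reject hits embedded in longer dotted numbers (OIDs, versions).
            pattern = r"(?<![\d.])" + re.escape(value) + r"(?!\d|\.\d)"
        except ValueError:
            # Hex digest: reject hits inside a longer hex string (e.g. SHA-256).
            pattern = r"(?<![0-9a-f])" + re.escape(value) + r"(?![0-9a-f])"
        matchers.append((re.compile(pattern, re.IGNORECASE), value, description))
    return matchers

def scan(lines, iocs=NEXUS_IOCS):
    """Return (line_number, indicator, description) for every hit."""
    matchers = build_matchers(iocs)
    return [(number, value, description)
            for number, line in enumerate(lines, start=1)
            for regex, value, description in matchers
            if regex.search(line)]

# Constructed sample log lines (not real telemetry); field names are assumptions.
SAMPLE_LOG = [
    "2023-03-24T10:02:11Z fw allow src=10.0.4.17 dst=193.42.32.87 dport=443",
    "2023-03-24T10:02:12Z snmp walk oid=1.3.6.1.4.1.193.42.32.87 host=sw01",
    "2023-03-24T10:05:40Z mdm scan device=A17 apk_md5=D4C6871DBD078685CB138A499113D280",
    "2023-03-24T10:06:02Z fw allow src=10.0.4.22 dst=8.8.8.8 dport=53",
    "2023-03-24T10:07:19Z proxy CONNECT 193.42.32.84:8080 user=-",
]

if __name__ == "__main__":
    for number, value, description in scan(SAMPLE_LOG):
        print(f"line {number}: {value} ({description})")
```

The second sample line contains the C2 address as a substring of an OID and is deliberately not reported, which is the false positive a plain substring search would produce.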

About the Author:

FirstHackersNews- Identifies Security
