Italian cybersecurity firm Cleafy has identified an Android banking Trojan, named Nexus, which has already been used by several threat actors to target 450 financial applications and conduct fraud. The malware, which is advertised as a subscription service for a monthly fee of $3,000, includes features for account takeover (ATO) attacks against banking portals and cryptocurrency services, such as credential theft and SMS interception. Nexus overlaps with another banking Trojan dubbed SOVA, reusing parts of its source code and incorporating a ransomware module. Interestingly, the Nexus authors prohibit its use in certain countries. The malware can take over accounts related to banking and cryptocurrency services by performing overlay attacks and keylogging to steal users' credentials. It can also read two-factor authentication (2FA) codes from SMS messages and the Google Authenticator app by abusing Android's accessibility services. Cleafy initially classified Nexus as a new variant of SOVA in August 2022.
Source: The Hacker News
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.