New malware steals banking data and messages on Android

2025/11/22
  • Malware targets Android users by stealing banking data and messages
  • Threatens devices with full control, removal blocking, and activity monitoring

Security researchers have uncovered a new Android malware called Sturnus, notable for its extensive data‑theft capabilities and full remote control over infected devices.

The malware can take over the phone, steal banking account information, and access message content in encrypted apps like WhatsApp and Telegram by reading it directly from the user's screen without being noticed.

Researchers believe the malware is still in a testing phase, but already demonstrates advanced functionality consistent with an organized operation.

Sturnus operates by deceiving victims with fake banking login screens designed to steal passwords and sensitive financial details before sending them to its operators.

It also allows attackers to view the phone’s display in real time and execute remote commands as if they were physically using the device.

To ensure persistence, the malware grants itself elevated permissions that block removal attempts, while monitoring SIM changes, new app installations, and any signs of inspection.

Researchers warn the threat is rapidly evolving, particularly with its focus on financial data and digital payments, and may soon become one of the most dangerous banking malware strains targeting Android devices.