A group of researchers specialized in cybersecurity has discovered a new and dangerous type of banking malware, dubbed “Nexus”.

The firm’s team of specialized cybersecurity researchers Cleafy has discovered a new type of banking malware aimed at Android mobiles, which since june last year would have been capable of infecting the mobiles of a significant number of users. It is a malicious software especially dangeroussince he is capable of take control of the accounts that users have open in Bank entities or cryptocurrency buying and selling platforms, with the risks that this entails.

Although the first attacks were carried out around June of last year, it has not been until January 2023 When researchers have been able to identify the threat. They recognize that malware has spread through multiple forums to hackwhere its creators explained that the source code of the malware it is completely new, hence it took several months for the threat to be discovered.

Nexus, the banking malware that can empty your account

In the original publication where its creators showed how the malware works, the possibility of renting access to the software for a fee of $3,000 per month. In return, those planning to use the malware could use it to embed the code into their applications and thus try to make a profit at the expense of the targeted users.

In the research, cybersecurity experts acknowledge that while Nexus is still in an early stage of its developmentit is already being used in some attack campaigns around the world. In this sense, it has been possible to find signs of malware present in some malicious applications that masquerade as popular apps, such as advanced youtubethe ad-free, feature-packed alternative to the YouTube app.

Once the infected application is installed on the victim’s device, the malware carries out “keylogging” tasks, which consist of record everything the user types on their keyboard, including passwords, credit card numbers, emails, and other sensitive information. In addition, it is capable of steal the content of SMS messages to get one-time verification codes, and abusing accessibility permissions with the objective of steal information stored in cryptocurrency applications, as well as to get verification codes apps like Google Authenticator.

It’s about a complex and highly advanced malwarethat even has mechanisms that allow it to update autonomously without the need for user interaction. Thus, they have been adding new target applications from banks around the world, which Nexus is prepared to attack. These include Spanish bank apps like these:

• direct ing
• bankinter
• ruralvía
• BBVA
• Santander
• EvoBank
• Working box
• cajamar
• Sabadell
• Ibercaja
• caixabank

Since none of the apps infected by Nexus have been discovered in the Google Play Store catalogue, in this case, avoid downloading mobile applications from sources outside of Google Play or other reliable sources seems to be the most effective way to fall for attacks of this type. And in case of having indications that the smartphone may be infected, it may be interesting to follow the steps of our guide to remove malware or virus from android phone.