Android security has seen significant improvements over the years, thanks to Google’s diverse suite of security tools. These include Play Protect for apps, Safe Browsing for web activities, and Advanced Protection services for Google Accounts. Nonetheless, there remains a risk of malware infections on your devices. Recently, a new threat has emerged, targeting bank accounts just in time for the holiday season.
Threat
This latest Android threat, referred to as Sturnus, is a conventional Trojan malware that skillfully bypasses Android’s security measures. Once it infects a device, hackers can intercept conversations on well-known chat applications like Signal, Telegram, and WhatsApp. They can also replicate your bank’s login interface to deceive you into providing sensitive login credentials.
What’s particularly concerning about this malware is its sophistication. Sturnus doesn’t attempt to break encryption on popular apps. Instead, it uses Android’s built-in accessibility features to access, display, and capture information shown on the screen. Additionally, it includes uninstall protection, complicating the removal process once your device is compromised.
To better protect your Android smartphone from Sturnus, consider the following precautions.
How to Check for Sturnus Infection
Sturnus poses a significant danger as it operates in stealth mode. Currently, there’s no definitive way to ascertain if your device is infected; it may very well be lurking within your system at this very moment!
However, you might be less at risk if any of the following points apply:
First off, Sturnus is only introduced when you download and install an Android app (APK file) directly onto your device. If that file comes from a third-party source, such as a link in a spam message or an unverified app store, your device is more vulnerable. According to a statement by Google, users who download apps strictly from the Google Play Store are considered safe.
Reportedly, no applications harboring this malware have been found on Google Play. Android users benefit from built-in protection through Google Play Protect, which automatically safeguards against known malware. This feature is activated by default on devices with Google Play Services, warning users or blocking apps exhibiting harmful behavior, even if they aren’t downloaded from Play.
Secondly, Sturnus has predominantly been detected on devices in Southern and Central Europe. Currently, users in the United States don’t face any immediate threat, but this could change as the holiday season progresses.
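The two traits described above, arrival as a sideloaded APK and reliance on accessibility features, can be cross-checked from a computer with adb. The following is an added example, not part of the original article and not a Sturnus detector: it lists apps that hold an enabled accessibility service but were not installed by Google Play, and the sample inputs and package names in it are constructed.

```python
# Added example; sample inputs are constructed, not taken from a real device.
# On a device with USB debugging enabled, the real inputs come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i      (every package with its installer)
#   adb shell pm list packages -s      (preinstalled system packages)
PLAY_STORE = "com.android.vending"

def accessibility_packages(setting_value):
    """Packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if value in ("", "null"):          # "null" is printed when the setting is unset
        return set()
    # Colon-separated component names of the form package/ServiceClass
    return {c.split("/", 1)[0] for c in value.split(":") if c}

def parse_packages(pm_output):
    """Map package -> installer (None when absent or 'null') from pm output."""
    result = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for f in fields[1:]:
            if f.startswith("installer=") and f != "installer=null":
                installer = f[len("installer="):] or None
        result[fields[0][len("package:"):]] = installer
    return result

def review_candidates(setting_value, pm_installers, pm_system, trusted=(PLAY_STORE,)):
    """Accessibility-enabled, non-system packages not installed by a trusted store."""
    installers = parse_packages(pm_installers)
    system = set(parse_packages(pm_system))
    flagged = []
    for pkg in sorted(accessibility_packages(setting_value) - system):
        source = installers.get(pkg)
        if source not in trusted:
            flagged.append((pkg, source or "unknown"))
    return flagged

SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.passwordmanager/.AutofillA11yService:"
                  "com.example.sideloaded/.HelperService")
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=null
package:com.example.passwordmanager  installer=com.android.vending
package:com.example.sideloaded  installer=com.google.android.packageinstaller
"""
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\n"

if __name__ == "__main__":
    for pkg, source in review_candidates(SAMPLE_SETTING, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print(f"review: {pkg} (installer: {source})")
```

An app on the resulting list is only a candidate for manual review under Settings > Accessibility; legitimate sideloaded tools appear there too, and an empty list does not prove the device is clean.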
Preventing Sturnus Infection
To safeguard your device against Sturnus and other malware threats, consider implementing the following measures:
Google Play Protect
Ensure that Google Play Protect is active. This feature routinely scans installed apps for behaviors indicative of malware. To enable Play Protect, open the Google Play Store app, tap your profile icon in the upper right corner, and select Play Protect. Make sure it’s switched on.
Disable “Install Unknown Apps”
While the Google Play Store is the primary app store for most Android devices in the U.S., it’s still possible to install apps from other sources. To minimize your risk, ensure that your device doesn’t unintentionally allow installations from suspicious online sources. On a Samsung Galaxy, navigate to the Settings app and check under [Security and Privacy] > [Other Security Settings] > [Install Unknown Apps]. Uncheck any enabled apps on this list.
If you’re using a Google Pixel, go to Settings and select [Apps] > [Special App Access] > [Install Unknown Apps]. As with Samsung, make sure all apps are toggled off.
For other Android brands, you can search for “Install Unknown Apps” in the Settings app. Again, ensure this feature is disabled.
Additional Features
Some Android devices come equipped with added security functions aimed at protecting against malware, both on the software and hardware front. For example, Samsung Knox offers robust data protection, and Pixel 6 and later models feature the Titan M2 chip, enhancing security against theft. Regular monthly security updates from Google also help keep your device secure.
Resolution for Sturnus
Currently, there’s no fix available for Sturnus, and one isn’t likely to emerge anytime soon. The malware exploits key functionalities embedded within the Android operating system, making a comprehensive disablement of these features unfeasible for Google.
Interestingly, the rise of Sturnus coincides with Google’s recent announcements aimed at tightening app distribution and sideloading from unverified sources. This strategy could significantly decrease the chances of this type of malware infecting devices globally, but pushback from the Android community has led Google to ease some of these proposed restrictions. The final changes related to sideloading will be initiated in late 2026.
For the time being, your best approach to keeping Sturnus at bay is to avoid downloading APKs from sources outside the Google Play Store. Following these straightforward tips will help you remain worry-free.





