A new Android banking Trojan dubbed Nexus by security researchers has been identified in several malicious campaigns across the world. The tool is promoted as part of a malware-as-a-Service subscription and allows threat actors to perform a variety of malicious activity, including account takeover. The banking Trojan was identified in January 2023 by security researchers at Cleafy.
Cleafy has since released an advisory detailing the banking Trojan, stating that its activity dates back to 2022. Cleafy analyzed Nexus samples and reported code similarities between it and another malware called SOVA. Based on this information, Cleafy believes that Nexus could be an updated version of SOVA. However, the threat actor behind SOVA has reportedly stated that an affiliate stole the source code of the project. Nexus offers threat actors the ability to conduct overlay attacks and keylogging activities with the goal of stealing credentials. Additionally, the malware allows attackers to obtain SMS messages for two-factor authentication codes and information from cryptocurrency wallets.
Read More: New Android Banking Trojan ‘Nexus’ Promoted As MaaS