A new malware called Nexus has just appeared, and it is already wreaking havoc. Capable of reading two-factor authentication SMS, it steals confirmation codes to empty bank accounts. Creepy!



You will have to be particularly careful if you use banking applications on your Android smartphone. A new malware called Nexus has just appeared on hacker forums, and it is already wreaking havoc! This Trojan horse uses the most advanced techniques of the moment to hijack and empty accounts without its victims even noticing. Once installed on a phone, it performs overlay attacks, displaying itself on top of (and in place of) the legitimate banking application, which allows it to spy on every operation its victims carry out. It can thus recover usernames and passwords thanks to a keylogger that captures and collects every letter and digit typed. It also knows how to intercept and read the confirmation SMS used for two-factor authentication in order to retrieve the validation code. Even worse, it can delete those messages to remove any trace of a possible alert following suspicious activity. And it knows how to update itself automatically and discreetly! In short, the complete arsenal for emptying bank accounts.

Nexus: a new-generation malware offered as a subscription

Nexus has just been discovered by cybercrime experts from the specialist firm Cleafy. As they explain in their publication, Nexus is particularly dangerous for two reasons: first, it is able to target and imitate some 450 banking applications; second, it is offered ready to use, in Malware-as-a-Service mode, in other words as a subscription-based service. For 3000 dollars per month, any hacker can use it, without needing any particular technical knowledge. This business model is in vogue on "dark" forums because it lets a tool's authors build a real ecosystem around it by offering it to as many crooks as possible.

Nexus thread on a hacking forum © Cleafy

Cleafy researchers have not been able to identify who created Nexus. But some clues suggest a link with Russian hacker networks, notably a clause in the subscription contract that prohibits using the malware in Russia and the former Soviet republics. Above all, the experts believe that Nexus is only in its infancy (it appears to date from January, judging by discussions on specialized forums) and that the worst is yet to come if it spreads worldwide. A case to follow closely in the coming weeks…
