Beware the Sturnus malware attacks that bypass instant messenger encryption to read your texts.
Nobody wants their secrets to leak, whether that is the Department of War, FTSE 100 companies, or your average consumer VPN user. One place where many secrets exist is within the encrypted instant messages we send via apps such as Signal, Telegram and WhatsApp. So, what if I were to tell you that a new threat has been identified, targeting Android smartphone users, that effectively bypasses the secure encryption that protects the privacy of your messages, and captures them for cybercriminal hackers to read? Welcome to the distinctly dangerous world of the Sturnus trojan.
These Hackers Can Read Your ‘Private’ Instant Messages
Security researchers at threat intelligence outfit ThreatFabric have confirmed that they have observed a new and dangerous piece of Android malware, a banking trojan that goes beyond the normal boundaries of such malicious software. Not only can Sturnus, which the ThreatFabric analysis said is “currently in a development or limited testing phase,” provide hackers with the ability to gain full device control and harvest banking credentials, but also, and here’s the killer blow, it can “bypass encrypted messaging” according to the in-depth technical report.
I’m a user of all three of these instant messaging apps, for different use cases, and rely upon Signal and WhatsApp encryption for some of them. The good news is that the encryption itself has not been broken: the attackers have not found a way to read your encrypted messages. What they have done, however, is put together a complex technical process that, ultimately, does something very simple indeed: it reads your messages after you have decrypted them and they are displayed on the smartphone screen. This harks back to a warning I used to give people all the time when secure messengers made a big play of the fact that screenshots could be disabled on time-limited, view-once messages, so the recipient couldn’t take a copy and share it around. They could if they took a photo of the screen with another device.
It’s also a good time to remind people not to download apps from untrusted sources, even if they appear to be a legitimate Google Chrome update, which seems to be one of the distribution methods for the Sturnus malware.
Hackers Can Read Everything That Appears On Your Smartphone Screen
“Because it relies on Accessibility Service logging rather than network interception,” the report said, “the malware can read everything that appears on screen—including contacts, full conversation threads, and the content of incoming and outgoing messages—in real time.” It is this capability that makes Sturnus particularly dangerous, in the view of the researchers and me, as it side-steps the protection that end-to-end encryption provides. As I’ve often stated, a compromised device is not secure, and nor is anything on it. “The user sees a secure interface, but from the moment the device is compromised,” the researchers confirmed, “every sensitive exchange becomes visible to the operator, with no cryptographic protection left to rely on.”
So, if you don’t want hackers reading your private stuff, ensure it stays that way by keeping Google’s Play Protect activated, avoiding unauthorized app stores and not granting accessibility permissions to an app unless there’s a very good reason and you are 101% sure it is safe to do so.
