Account Taken-Over! Nexus on its Peak

Cleafy, a company specializing in fraud prevention, reports that the Nexus Android banking trojan is now being advertised on underground forums as a botnet, using the malware-as-a-service (MaaS) business model. While the trojan was first announced in June 2022, it had already been active for several months. However, beginning in January 2023, its creators began promoting it as a botnet, with a MaaS subscription cost of $3,000 per month.

⚠️ Our technical analysis on Nexus, an Android banking trojan recently appeared on multiple underground forums.

Full report: https://t.co/3nMyBBmWa4#Android #botnet #nexus #cleafy pic.twitter.com/zehGhulZld

— Cleafy LABS (@cleafylabs) March 21, 2023

Plan of action

1. Nexus, a Trojan malware, received updates between August 2022 and January 2023. The malware developers added the ability to delete received SMS messages and a feature to enable and disable the 2FA stealer module.
2. The trojan was also updated with an auto-update mechanism, and encryption capabilities are being worked on, which could potentially be used for hiding malicious activities or preparing for a ransomware module.
3. The Nexus developers manage the malware and data collection operations from a centralized interface that provides information on infected devices and the botnet’s status.
4. The centralized panel also allows malware operators to create customized samples and injections targeting the applications of 450 different financial institutions.

MAAS(Malware as a Service): Crook in action

MaaS is often offered through dark web marketplaces, where potential buyers can browse and purchase various types of malware, including ransomware, trojans, and spyware, among others. 

MaaS has made it easier for cybercriminals to carry out attacks, as they can now access advanced tools and techniques without having to develop them themselves. This has led to an increase in the frequency and complexity of cyber attacks, posing a significant threat to individuals and organizations alike.

Ponder recommendations to stay safe from Android malware

Here are some tips to help you stay safe from Android malware:

• Only download apps from trusted sources such as the Google Play Store. Avoid downloading apps from third-party app stores or unknown sources.

• Check app permissions before downloading an app. Be cautious of apps that request unnecessary permissions that do not relate to the app’s functionality.

• Keep your Android device updated with the latest security patches and updates. Regularly check for updates and install them as soon as they become available.

• Install a reputable antivirus or security app on your Android device. This can help detect and remove malware.

• Be cautious of suspicious links or attachments received via email or text messages. Do not click on links or download attachments from unknown sources.

• Avoid using public Wi-Fi networks, especially for sensitive activities such as online banking. If you must use public WiFi, use a virtual private network (VPN) to encrypt your data.

• Use strong, unique passwords for your accounts and enable two-factor authentication (2FA) whenever possible. This can help prevent unauthorized access to your accounts.

Summing-up

Understanding the importance of being secure on the internet has become something you must never forego. If you want your data, your privacy, and your identity to be safe, follow preventive measures. After all, it is always brainier to prevent than to cure!