top of page


  • Marijan Hassan - Tech Journalist

Researchers flag Android trojan that steals your bank login credentials

The malware-as-a-service continues to be a hot market as new groups continue to emerge offering new services. Researchers from Italian cybersecurity firm Cleafy have come out to warn users against a new Android trojan that can be used to steal their banking information.

The trojan, labelled Nexus, first came into the limelight in January 2023 when it was posted in a forum. The uploader described it as a “very new” project that would be going under “continuous development” Anyone interested in using Nexus could use it at the cost of $3,000 per month.

However, experts from Cleafy believe the botnet has been around since June 2022 and seems to be imitating another Android trojan that came out in 2021.

Further analysis of the botnet code shows that it can’t be used in Russia and other CIS states including Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Moldova.

The Nexus botnet works by stealing passwords from banking apps. What makes it even more dangerous is that it can bypass two-factor authentication (2FA) by exploiting certain accessibility features that expose SMS and Google Authenticator codes.

Once Nexus is installed on an unsuspecting victim’s device, it connects to a C2 server and provides a C2 web panel for cybercriminals to carry out their attacks and receive stolen data.

While everything about Nexus resembles the 2021 Android trojan, researchers have concluded that it’s a new attack and is being run by a different group.

The group behind it has said that the trojan will be under continuous development which puts it on the list of cyber threats to watch out for. Users are advised to take all precautions to secure their banking apps. This includes using multiple layers of protection and ensuring the apps are up to date to patch any vulnerabilities.


bottom of page