It's getting tougher to stay safe online, isn't it? I mean, if you're like me, you probably download apps from various sources sometimes. However, there's a new threat that should make us all think twice about where we get our APK files.

Researchers have found a new Android trojan, named Sturnus, that's pretty nasty. It doesn't break the encryption on your chats; instead, it uses a clever trick to read what's on your screen after the messages have been decrypted. Imagine someone looking over your shoulder as you use WhatsApp, Telegram, or Signal. That's basically what this malware does.

But it doesn't stop there. Sturnus can also fake banking screens to steal your login info. It's like a digital chameleon, perfectly mimicking the look of your bank's app. If you're not careful, you could easily fall for it and hand over your credentials.

According to ThreatFabric, this malware is already active in parts of Europe, even though it's not fully finished yet. It uses a mix of encryption methods that's been called "chaotic". The way it behaves actually reminds researchers of a starling bird, whose mating call includes erratic notes.

While the exact method of transmission is still unclear, experts believe it spreads through malicious attachments in messaging apps. It then disguises itself as familiar apps like Chrome to sneak onto your device. Once it's in, it abuses Android's accessibility settings to spy on your screen, record your actions, and even recreate interfaces from banking apps. It can even gain admin rights, letting it track your unlock attempts and view your passwords. It's like giving a complete stranger the keys to your digital life.

Even though your chats are encrypted, Sturnus can still steal your data by grabbing it right off your screen. Interestingly, it encrypts the stolen data before sending it back to the hackers, using a 256-bit AES key. It's like locking the front door after the burglar is already inside with your valuables.

Since there’s no easy fix, the best defense is caution. Be very careful about downloading APK files from anywhere other than the Google Play Store. It might be a pain, but it's better than having your banking info stolen. Honestly, in light of this, I can see why Google wants to limit sideloading on Android. It is all about security, after all.