
This dangerous malware targets the banking applications of billions of users

A company that offers solutions against online fraud and malware has discovered a very powerful botnet called Nexus. It has access to several hundred Android online banking applications.


The cybersecurity company Cleafy has revealed the existence of a new Android malware called Nexus. It is offered to hackers on a specialized forum in exchange for a monthly payment. More and more malware authors are using this pricing model, which lets customers operate a botnet and run campaigns on a temporary basis without needing great expertise.


Nexus is Malware-as-a-Service (MaaS), that is, subscription-based malware, and it is not affordable for ordinary hackers. Even though it is still only in beta, its designers are asking hackers for the tidy sum of $3,000 a month to use it. For that price, Cleafy says, the malware offers access to 450 different financial or banking applications on Android.

Nexus is a new type of malware that hackers are renting out for $3,000 a month

The program can steal text messages to obtain two-step verification codes, codes from Google's authentication application, information from crypto wallets, and cookies from visited sites. That is enough information for attackers to take control of their victims' bank accounts. The data of billions of smartphone users is at risk.


Who are the authors of this malware, and where do they come from? The authors of the article do not venture to trace its exact origin, but they do note that the use of Nexus is subject to a clause prohibiting its use in Russia or in the former Soviet republics. They also note that the malware is still in the development phase, and that it “borrows” code from another malware called SOVA that is found in other botnets. The worst is yet to come. Cleafy specifies: “at the time of writing, the absence of a VNC module limits the scope and capabilities of Nexus […] it is however a real threat capable of infecting hundreds of devices worldwide”.
