If you rely on apps like Signal or WhatsApp for private conversations, a critical new security threat called the Sturnus Android RAT might make you think twice about your device privacy.
Dubbed “Sturnus” by researchers at ThreatFabric, this new Remote Access Trojan (RAT) is making headlines not because it cracks encryption algorithms, but because it bypasses them entirely.
How Sturnus Works
Most modern messaging apps use End-to-End Encryption (E2EE). This means if a hacker intercepts the data traveling over Wi-Fi, it looks like gibberish.
Sturnus gets around this by being patient.
Instead of attacking the network, the Sturnus Android RAT waits on your device. When you open WhatsApp, Telegram, or Signal, the malware detects the app launching and silently begins recording your screen or capturing the “Accessibility” data (the text rendered on your display).
It reads the messages after your phone has decrypted them for you.
Why is it called “Sturnus”?
The name comes from Sturnus vulgaris (the European Starling). Just as the bird is known for its chaotic, mimicking calls, this malware uses a “chaotic” communication pattern—mixing plain text with different encryption standards—to confuse security software trying to track it.
Who is being targeted?
As of late November 2025, the malware has been spotted primarily targeting:
- Financial Institutions: Banks in Southern and Central Europe.
- Crypto Wallets: Users with Binance or other exchange apps installed.
- Privacy Advocates: Specifically targeting users of Signal and Telegram.
How to Stay Safe
Sturnus is primarily spread through “droppers”—apps that look legitimate (like PDF readers or Chrome updates) but download the malware later.
Watch for Battery Drain: Screen recording consumes power. If your phone is hot or the battery is dying fast, run a scan immediately.
Check Permissions: Never grant “Accessibility Services” to an app unless you are absolutely sure why it needs it. This is the #1 vector for RATs.
Stick to Play Store: While not perfect, Google Play Protect (which was updated recently to catch Sturnus) is your first line of defense.
