Numerous threat actors are already using the new Nexus Android banking trojan, which can target 450 financial apps with account takeover attacks, according to The Hacker News.
Nexus, which was initially categorized as a new variant of the SOVA banking trojan, exploits Android's Accessibility Services to compromise two-factor authentication codes in Google Authenticator and SMS messages and to facilitate account takeover attacks, a Cleafy report showed.
Operators of the Nexus banking trojan have also updated the malware to allow SMS deletion, 2FA stealer module activation or deactivation, and self-updating mechanisms.
Most attacks with the Nexus banking trojan were aimed at Turkey, according to the report. The trojan excludes Russia, Ukraine, Armenia, Kazakhstan, Belarus, Azerbaijan, Kyrgyzstan, Tajikistan, Moldova, Uzbekistan, and Indonesia from its targets.
"The [Malware-as-a-Service] model allows criminals to monetize their malware more efficiently by providing a ready-made infrastructure to their customers, who can then use the malware to attack their targets," said researchers.