New Sturnus Android Malware Reads WhatsApp, Telegram, Signal Chats via Accessibility Abuse

Sturnus, an advanced Android banking trojan, has been discovered by ThreatFabric. Learn how this malware bypasses end-to-end encryption on Signal and WhatsApp, steals bank credentials using fake screens, and executes fraudulent transactions.

Cybersecurity researchers have discovered a new, highly dangerous Android banking malware called Sturnus, named after the common starling or ‘songbird’ because of its complex and ‘chaotic’ communication style.

The Dutch cybersecurity firm ThreatFabric identified this privately-operated threat, which has features that are simply far more advanced and dangerous than what we’ve seen before.

According to ThreatFabric’s blog post, published on November 20, 2025, Sturnus is far more advanced than previous malware, capable of stealing your bank details, able to view chat content on apps like WhatsApp, Telegram, and Signal by abusing Android’s Accessibility Service

How it Decodes Your ‘Encrypted’ Chats

Even though these apps use end-to-end encryption, which means only you and the person you ...