For the Nexus malware, please write a short paragraph based on the given background and website info: - the date of the first incident’s report - How does it work, - How one should protect his/her system against this malware - If infected, how one can cope with that? Is there any solution?     Nexus malware is an Android banking trojan promoted via a malware-as-a-service model. The malware has been advertised on several underground cybercrime forums since January 2023, as reported in new research from Cleafy, an Italian-based cybersecurity solutions provider. In an underground cybercrime forum ad, the malware project is described as “very new” and “under continuous development.” More messages from the Nexus author in one forum thread indicate the malware code has been created from scratch. An interesting note: The authors forbid the use of the malware in Russia and in the Commonwealth of Independent States countries. Potential impact of Nexus Android malware The trojan was initially announced in June 2022, but was active months before that. Starting January 2023, however, its authors started promoting it as a botnet, at $3,000 per month for a MaaS subscription. Although still in development stages, the malware appears to be used by multiple threat actors, mainly in attacks aimed at taking over banking and cryptocurrency accounts. The threat can intercept SMS messages and steal credentials, targeting roughly 450 financial applications. Nexus is promoted as a completely new trojan, but Cleafy identified connections with the Sova banking trojan that point at code reuse. In fact, Sova’s author has been claiming that Nexus’ developer is a former affiliate that rented the malware to steal its source code. Cleafy also discovered that both malware families check for a device’s geographical location in a similar manner, that they both ignore devices located in the same countries, and that the two share API similarities related to command-and-control (C&C) communication. The Nexus trojan appears specifically designed to conduct account takeover attacks: it can overlay on top of target applications, can log the victim’s key presses, can steal two-factor authentication (2FA) codes delivered via SMS, and can abuse Accessibility Services to steal crypto-wallet information, Google Authenticator 2FA codes, and browser cookies. Between August 2022 and January 2023, the malware developers added to Nexus the ability to delete received SMS messages and a feature to enable and disable the 2FA stealer module. https://www.securityweek.com/nexus-android-trojan-targets-450-financial-applications/     The number of Nexus control servers is growing and the threat is increasing. According to Cleafy Labs, more than 16 servers were found in 2023 to control Nexus, probably used by several affiliates of the MaaS program. Nexus is sold for $3,000 USD per month through a MaaS subscription, which makes it an interesting opportunity for cybercriminals who do not have the expertise to develop malware or crypt it so that it bypasses antivirus solutions. Nexus Android malware technical analysis Nexus malware runs on Android operating systems and has several functionalities of interest to cybercriminals. Account takeover attacks can be accomplished using Nexus malware. Nexus has a comprehensive list of 450 financial application login pages for grabbing users’ credentials. It is also able to perform overlay attacks and keylog users’ activities. Overlay attacks are very popular on mobile banking trojans. They involve placing a window on top of a legitimate application to ask the user for credentials so they can be stolen. Overlay attacks can also steal cookies from specific sites, typically for session cookie abuse. In addition, Nexus Android malware can steal information from crypto wallets.

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question

For the Nexus malware, please write a short paragraph based on the given background and website info:

- the date of the first incident’s report

- How does it work,

- How one should protect his/her system against this malware

- If infected, how one can cope with that? Is there any solution?

 

 

Nexus malware is an Android banking trojan promoted via a malware-as-a-service model. The malware has been advertised on several underground cybercrime forums since January 2023, as reported in new research from Cleafy, an Italian-based cybersecurity solutions provider.

In an underground cybercrime forum ad, the malware project is described as “very new” and “under continuous development.” More messages from the Nexus author in one forum thread indicate the malware code has been created from scratch. An interesting note: The authors forbid the use of the malware in Russia and in the Commonwealth of Independent States countries.

Potential impact of Nexus Android malware

The trojan was initially announced in June 2022, but was active months before that. Starting January 2023, however, its authors started promoting it as a botnet, at $3,000 per month for a MaaS subscription.

Although still in development stages, the malware appears to be used by multiple threat actors, mainly in attacks aimed at taking over banking and cryptocurrency accounts. The threat can intercept SMS messages and steal credentials, targeting roughly 450 financial applications.

Nexus is promoted as a completely new trojan, but Cleafy identified connections with the Sova banking trojan that point at code reuse. In fact, Sova’s author has been claiming that Nexus’ developer is a former affiliate that rented the malware to steal its source code.

Cleafy also discovered that both malware families check for a device’s geographical location in a similar manner, that they both ignore devices located in the same countries, and that the two share API similarities related to command-and-control (C&C) communication.

The Nexus trojan appears specifically designed to conduct account takeover attacks: it can overlay on top of target applications, can log the victim’s key presses, can steal two-factor authentication (2FA) codes delivered via SMS, and can abuse Accessibility Services to steal crypto-wallet information, Google Authenticator 2FA codes, and browser cookies.

Between August 2022 and January 2023, the malware developers added to Nexus the ability to delete received SMS messages and a feature to enable and disable the 2FA stealer module.

https://www.securityweek.com/nexus-android-trojan-targets-450-financial-applications/

 

 

The number of Nexus control servers is growing and the threat is increasing. According to Cleafy Labs, more than 16 servers were found in 2023 to control Nexus, probably used by several affiliates of the MaaS program.

Nexus is sold for $3,000 USD per month through a MaaS subscription, which makes it an interesting opportunity for cybercriminals who do not have the expertise to develop malware or crypt it so that it bypasses antivirus solutions.

Nexus Android malware technical analysis

Nexus malware runs on Android operating systems and has several functionalities of interest to cybercriminals.

Account takeover attacks can be accomplished using Nexus malware. Nexus has a comprehensive list of 450 financial application login pages for grabbing users’ credentials. It is also able to perform overlay attacks and keylog users’ activities.

Overlay attacks are very popular on mobile banking trojans. They involve placing a window on top of a legitimate application to ask the user for credentials so they can be stolen. Overlay attacks can also steal cookies from specific sites, typically for session cookie abuse. In addition, Nexus Android malware can steal information from crypto wallets.

 

 

Expert Solution
steps

Step by step

Solved in 3 steps

Blurred answer
Knowledge Booster
Types of Security Technology
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education