A new Android banking trojan called Nexus has been discovered by Cyble Research and Intelligence Labs (CRIL) and cybersecurity firm Cleafy (via Tom's Guide).
It first appeared last June and is now being openly advertised by its creators on hacker forums to increase its reach. Nexus' primary targets are 450 banking and cryptocurrency apps.
It is distributed via phishing websites impersonating the legitimate websites of YouTube Vanced, a defunct third-party YouTube application. It uses all the known tricks to get your bank information and take over your financial accounts.
Nexus asks for 50 permissions and abuses at least 14 of them!
It is capable of performing overlay attacks, i.e. duplicating a legitimate interface to trick you into entering your credentials, and uses keylogging to record your keystrokes. It can even intercept SMS messages to gain access to two-factor authentication codes, and it can abuse Accessibility Services to steal information from cryptocurrency wallets, 2-step verification codes generated by Google Authenticator and website cookies. The trojan can also delete received messages.
Once installed on a device, Nexus connects to its command and control (C2) server. C2 servers are used by cybercriminals to control malicious software, launch attacks and receive stolen data.
Nexus is said to be in the beta stage, but it is already being used by many threat actors to carry out malicious activities. Cybercriminals who don't know how to make their own malware can rent it for $3,000 a month.
The developer appears to be from a Commonwealth of Independent States (CIS) country and has banned the use of the trojan in Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russian Federation, Tajikistan, Uzbekistan, Ukraine and Indonesia.
Nexus is capable of updating itself, and Cleafy believes it is a real threat that can infect hundreds of Android devices worldwide.
To protect yourself from infections, try to only download apps from Google Play and enable Google Play Protect. Use strong passwords and enable biometric security features where possible and be very careful when granting permissions.
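As a way to act on the advice about permissions, the following added example (not code from CRIL, Cleafy or the original article) audits a decoded AndroidManifest.xml for the capability pairing described above: SMS access together with an accessibility service. The permission names are standard Android ones; the mapping of permissions to behaviours, the threshold and the sample manifest are assumptions constructed for illustration and are not taken from a Nexus sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
SMS_LABEL = "SMS access (2FA codes)"
# Assumed mapping from behaviours named in the article to enabling permissions.
BEHAVIOURS = {
    SMS_LABEL: {P + "RECEIVE_SMS", P + "READ_SMS"},
    "draw over other apps (overlay)": {P + "SYSTEM_ALERT_WINDOW"},
    "package install (self-update)": {P + "REQUEST_INSTALL_PACKAGES"},
}
MANY_PERMISSIONS = 30  # assumed triage threshold, not a figure from the article

# Constructed sample manifest for a hypothetical sideloaded app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def audit_manifest(manifest_xml):
    """Summarise the risky capabilities declared in one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    requested.discard(None)
    behaviours = [label for label, perms in BEHAVIOURS.items() if requested & perms]
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = [s.get(ANDROID_NS + "name", "?") for s in root.iter("service")
            if s.get(ANDROID_NS + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"]
    return {
        "behaviours": behaviours,
        "accessibility_services": a11y,
        "permission_count": len(requested),
        "many_permissions": len(requested) >= MANY_PERMISSIONS,
        # SMS access plus an accessibility service is the pairing the article describes.
        "high_risk": bool(a11y) and bool(requested & BEHAVIOURS[SMS_LABEL]),
    }


if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

The manifest has to be in decoded text form (for example as produced by an APK decoding tool); the binary XML inside an APK will not parse directly.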
Are you referring to Vanced, or does what you write also apply to ReVanced Extended? I ask because I use the second one and you worried me.
To be 100% sure, delete both the ReVanced and MicroG you have and install them from the official XDA team thread https://forum.xda-developers.com/t/app-8-0-guides-revanced-revanced-extended.4523967/