A new Android banking Trojan called Sturnus has been identified that poses a significant threat to users' banking credentials and end-to-end encrypted messaging apps like WhatsApp, Telegram and Signal. It can replicate bank-app login screens, hijack credentials, black out the device screen and read messages once decrypted. Sturnus enables attackers to conduct fraudulent transactions undetected.