Nexus

Nexus is a malware family in the Infostealer category that is widely observed around the world. It is classified as an infostealer that harvests sensitive credentials and personal data from affected systems. Browser-saved passwords, cookies, cryptocurrency wallet data and session tokens are among the data it targets.

History

Derived from the Android banking trojan SOVA, Nexus is a modern Android banking trojan that emerged in 2023. Targeting 50+ cryptocurrency exchange applications and 450+ financial applications, Nexus offers overlay attacks, VNC, and Google Authenticator 2FA code theft. It is sold for a rental fee of 3,000 USD per month.

Technical Details

Infostealer family: TCP C2 protocol, persistence mechanism (Registry/Task Scheduler), keylogger, screenshot capture, remote shell, file manager, process manager, anti-analysis checks

Threat Profile

Type: Infostealer
Programming Language: Java
C2 Protocol: HTTP
First Seen: 2020
Targets: Windows

Purpose / Capabilities

  • Browser Credentials
  • Cookie Theft
  • Crypto Wallet
  • 2FA Code

No C2 servers have been identified for this family yet.