The first few hours with a new smartphone determine its security. Millions of users who unpacked a new Android device over the holidays are having to deal with a dangerous new wave of malware. The banking Trojan “Starling“ and unpatched security holes make an immediate update essential.
The excitement about a new device should not hide the fact that the pre-installed software is often weeks old. It is precisely this gap that attackers are currently exploiting intensively. The December update for Android closes two critical ones Zero-day vulnerabilities (CVE-2025-48633 and CVE-2025-48572), which are already being actively exploited. They give attackers increased privileges – without users having to do anything.
First step before each use: Go to Settings > System > Software Update. Check whether the security patch is available from December 5, 2025 or newer is installed. If an update is available: install it immediately and restart. This update is the main barrier against active threats.
Advertisement
Millions of Android users underestimate current security risks – Trojans like Sturnus film the screen in real time and read sensitive text. The free security package explains the 5 most important protection measures (system updates, Play Protect, permission check, bloatware removal, backup) with easy-to-follow step-by-step instructions so you can protect your device immediately. It also contains practical checklists for WhatsApp, online banking and app installations. Request the free Android security package now
The “Sturnus” Trojan: Invisible thief on the screen
Table of Contents
On December 24th, security researchers identified the new Android banking Trojan “Sturnus”. His method is particularly tricky: instead of just showing fake login masks, he draws them entire screen in real time and logs every keyboard input. Even end-to-end encrypted messages in WhatsApp or Signal are not secure – Sturnus waits for the user to decrypt them and then captures the text directly from the display.
The distribution mainly takes place via manipulated apps outside the official Play Store. The defense strategy is clear: load apps exclusively from the Google Play Store down. Run a manual scan right after setup Play Protect (Play Store > profile icon > Play Protect). Be particularly wary of “free” versions of actually paid apps – they are a major distribution channel.
Play Protect: Google’s updated defenses
On December 23rd, Google began rolling out important updates for Play Services and the Play Store (version 49.1/49.2). The new system now warns users more clearly about potentially harmful apps. Parental controls have also been simplified – an important feature for young users who received their first smartphone for Christmas.
Be sure to check: In addition to the Android update, there is a separate one Google Play System-Update (Settings > Security & Privacy > System & Updates > Google Play System Update). Make sure “Scan apps with Play Protect” and “Improve malicious app detection” are checked.
Security checklist: More than just passwords
A December 25 report emphasizes: Modern security requires active management. Start with one Authorization check: Which apps have access to location, microphone or camera? A flashlight app that requests your location should be uninstalled immediately.
Also remove pre-installed ones Bloatware from mobile phone providers – these apps often have lax privacy policies. Also use the built-in function to scan for unknown tracking devices (like AirTags) in the “Security & Emergency” settings.
Background: Targeted attacks at Christmas time
The simultaneous spread of “Sturnus” and that already reported on December 22nd “Wonderland”-SMS Stealer is not a coincidence. The latter specializes in intercepting SMS one-time passwords and thus bypasses two-factor authentication. Both malware specifically target inexperienced users who start using new devices during the holidays.
The attack methods are becoming more and more sophisticated. Instead of classic phishing, hackers are now using it “Screen-Scraping” – They do not attack the encrypted transmission, but capture the data directly on the end device. This development is making traditional security concepts increasingly ineffective.
Outlook: AI-supported defense for everyone?
By 2026, experts expect Google to be… “Live Threat Detection” – previously exclusive to Pixel devices – will open to the entire Android ecosystem. This AI-powered technology analyzes app behavior in real time and could detect Trojans like Sturnus before they leak data.
Until this technology is widely available, security remains the responsibility of users. Monthly security reviews will be standard. Google will likely be even more vocal about unused app permissions and outdated security updates – the pressure on users to keep their devices up to date will continue to increase.
Advertisement
PS: Do you use WhatsApp, online banking or other sensitive apps on your new Android device? The free guide shows concrete protection steps against screen scraping and banking Trojans, including a compact checklist for Play Protect and the Google Play system update. The report is available free of charge via email and is particularly suitable for anyone who wants to set up their device securely immediately. Download Security Pack for Android for free now
